Ggthjy

How to completely remove a package in Ubuntu (like it never existed)

Is `Object` a function in javascript?

Time-efficient matrix elements grouping and summing

Does diversity provide anything that meritocracy does not?

Translation needed for 130 years old church document

How do you get out of your own psychology to write characters?

Illustrator to chemdraw

Count repetitions of an array

Memory usage: #define vs. static const for uint8_t

Why is that max-Q doesn't occur in transonic regime?

Does the US government have any planning in place to ensure there's no shortages of food, fuel, steel and other commodities?

Non-Cancer terminal illness that can affect young (age 10-13) girls?

Why is 'diphthong' pronounced the way it is?

Cat is tipping over bed-side lamps during the night

How much light is too much?

Can my friend and I spend the summer in Canada (6 weeks) at 16 years old without an adult?

Switch case implementation in Java for an integer pair combination

Why did Luke use his left hand to shoot?

Am I correct in stating that the study of topology is purely theoretical?

Does it take energy to move something in a circle?

Are the positive and negative planes inner or outer planes in the Great Wheel cosmology model?

Coworker asking me to not bring cakes due to self control issue. What should I do?

Website seeing my Facebook data?

What species should be used for storage of human minds?

How IPsec tunnel mode work without GRE

How is my GRE-Tunneled packet being routed?What problem does GRE solve?Pre-fragmentation for IPsec VPNs on cisco routersIn IPsec VPN, how is the pre-shared key encrypted?Two GRE tunnels in one subnetHow would “looping” in GRE occur according to RFC 2784GRE over IPsec between Juniper SRX100 and Fortigate 100DMPLS over GRE tunnel with Linux iproute2IPsec Tunnel is showing decrypt packets counter but 0 encryption packets: #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0Layer 3 tunnel with Dynamic IP address

3

IPsec tunnel mode encrypt a whole IP packet and sent it as the payload of another IP packet. I have always used GRE as the encapsulation layer when doing IPsec encryption. However, how could I have the same behavior with a router that supports IPsec but does not implements GRE ?

ipsec tunnel gre

share|improve this question

edited 7 hours ago

Cown

6,26131030

asked 8 hours ago

NakruleNakrule

15415

• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  You've answered your own question in your first sentence: IPsec tunnel mode encrypts a whole IP packet and sends it as the payload of another IP packet. What part are you confused about?
  
  – Ron Trunk
  7 hours ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  So what's the difference between GRE+IPsec and IPsec only ?
  
  – Nakrule
  7 hours ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  You have a GRE tunnel protected by IPSec. If you drop the GRE tunnel part, IPSec is usually carried as a UDP stream.
  
  – Ricky Beam
  4 hours ago
  

  
  
  
  

add a comment | 

3

IPsec tunnel mode encrypt a whole IP packet and sent it as the payload of another IP packet. I have always used GRE as the encapsulation layer when doing IPsec encryption. However, how could I have the same behavior with a router that supports IPsec but does not implements GRE ?

ipsec tunnel gre

share|improve this question

edited 7 hours ago

Cown

6,26131030

asked 8 hours ago

NakruleNakrule

15415

• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  You've answered your own question in your first sentence: IPsec tunnel mode encrypts a whole IP packet and sends it as the payload of another IP packet. What part are you confused about?
  
  – Ron Trunk
  7 hours ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  So what's the difference between GRE+IPsec and IPsec only ?
  
  – Nakrule
  7 hours ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  You have a GRE tunnel protected by IPSec. If you drop the GRE tunnel part, IPSec is usually carried as a UDP stream.
  
  – Ricky Beam
  4 hours ago
  

  
  
  
  

add a comment | 

IPsec tunnel mode encrypt a whole IP packet and sent it as the payload of another IP packet. I have always used GRE as the encapsulation layer when doing IPsec encryption. However, how could I have the same behavior with a router that supports IPsec but does not implements GRE ?

ipsec tunnel gre

share|improve this question

edited 7 hours ago

Cown

6,26131030

asked 8 hours ago

NakruleNakrule

15415

share|improve this question

edited 7 hours ago

Cown

6,26131030

asked 8 hours ago

NakruleNakrule

15415

share|improve this question

edited 7 hours ago

Cown

6,26131030

asked 8 hours ago

NakruleNakrule

15415

edited 7 hours ago

Cown

6,26131030

edited 7 hours ago

Cown

6,26131030

asked 8 hours ago

NakruleNakrule

15415

asked 8 hours ago

NakruleNakrule

15415

1 Answer
1

active

oldest

votes

4

So what's the difference between GRE+IPsec and IPsec only?

In GRE+IPsec the original IP packet is encapsulated in a GRE tunnel packet. The GRE packet is then encapsulated in the IPSec packet.

The most common reason for doing this is to allow broadcast and multicast across the tunnel. Neither is supported by IPSec alone. GRE can also encapsulate non-IP traffic, which IPsec does not support.

share|improve this answer

answered 7 hours ago

Ron TrunkRon Trunk

37k33475

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  tunnel mode ipsec ipv4 (or the preferred vendor's equivalent of "tunnel based vpn" or "interface based vpn") will nicely support multicast routing across the tunnel and will allow the multicast based IGPs to form their adjacencies and neighborships, without the need for GRE. Non-IP protocols of course won't work, which they might with GRE.
  
  – Marc 'netztier' Luethi
  4 hours ago
  
  
  

  
  
  
  

add a comment | 

Your Answer

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "496"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fnetworkengineering.stackexchange.com%2fquestions%2f57197%2fhow-ipsec-tunnel-mode-work-without-gre%23new-answer', 'question_page');
}
);

Post as a guest

Name

Email

Required, but never shown

4

So what's the difference between GRE+IPsec and IPsec only?

In GRE+IPsec the original IP packet is encapsulated in a GRE tunnel packet. The GRE packet is then encapsulated in the IPSec packet.

The most common reason for doing this is to allow broadcast and multicast across the tunnel. Neither is supported by IPSec alone. GRE can also encapsulate non-IP traffic, which IPsec does not support.

share|improve this answer

answered 7 hours ago

Ron TrunkRon Trunk

37k33475

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  tunnel mode ipsec ipv4 (or the preferred vendor's equivalent of "tunnel based vpn" or "interface based vpn") will nicely support multicast routing across the tunnel and will allow the multicast based IGPs to form their adjacencies and neighborships, without the need for GRE. Non-IP protocols of course won't work, which they might with GRE.
  
  – Marc 'netztier' Luethi
  4 hours ago
  
  
  

  
  
  
  

add a comment | 

4

So what's the difference between GRE+IPsec and IPsec only?

In GRE+IPsec the original IP packet is encapsulated in a GRE tunnel packet. The GRE packet is then encapsulated in the IPSec packet.

The most common reason for doing this is to allow broadcast and multicast across the tunnel. Neither is supported by IPSec alone. GRE can also encapsulate non-IP traffic, which IPsec does not support.

share|improve this answer

answered 7 hours ago

Ron TrunkRon Trunk

37k33475

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  tunnel mode ipsec ipv4 (or the preferred vendor's equivalent of "tunnel based vpn" or "interface based vpn") will nicely support multicast routing across the tunnel and will allow the multicast based IGPs to form their adjacencies and neighborships, without the need for GRE. Non-IP protocols of course won't work, which they might with GRE.
  
  – Marc 'netztier' Luethi
  4 hours ago
  
  
  

  
  
  
  

add a comment | 

So what's the difference between GRE+IPsec and IPsec only?

In GRE+IPsec the original IP packet is encapsulated in a GRE tunnel packet. The GRE packet is then encapsulated in the IPSec packet.

The most common reason for doing this is to allow broadcast and multicast across the tunnel. Neither is supported by IPSec alone. GRE can also encapsulate non-IP traffic, which IPsec does not support.

share|improve this answer

answered 7 hours ago

Ron TrunkRon Trunk

37k33475

share|improve this answer

answered 7 hours ago

Ron TrunkRon Trunk

37k33475

answered 7 hours ago

Ron TrunkRon Trunk

37k33475

answered 7 hours ago

Ron TrunkRon Trunk

37k33475