How IPsec tunnel mode work without GREHow is my GRE-Tunneled packet being routed?What problem does GRE...

How to completely remove a package in Ubuntu (like it never existed)

Is `Object` a function in javascript?

Time-efficient matrix elements grouping and summing

Does diversity provide anything that meritocracy does not?

Translation needed for 130 years old church document

How do you get out of your own psychology to write characters?

Illustrator to chemdraw

Count repetitions of an array

Memory usage: #define vs. static const for uint8_t

Why is that max-Q doesn't occur in transonic regime?

Does the US government have any planning in place to ensure there's no shortages of food, fuel, steel and other commodities?

Non-Cancer terminal illness that can affect young (age 10-13) girls?

Why is 'diphthong' pronounced the way it is?

Cat is tipping over bed-side lamps during the night

How much light is too much?

Can my friend and I spend the summer in Canada (6 weeks) at 16 years old without an adult?

Switch case implementation in Java for an integer pair combination

Why did Luke use his left hand to shoot?

Am I correct in stating that the study of topology is purely theoretical?

Does it take energy to move something in a circle?

Are the positive and negative planes inner or outer planes in the Great Wheel cosmology model?

Coworker asking me to not bring cakes due to self control issue. What should I do?

Website seeing my Facebook data?

What species should be used for storage of human minds?



How IPsec tunnel mode work without GRE


How is my GRE-Tunneled packet being routed?What problem does GRE solve?Pre-fragmentation for IPsec VPNs on cisco routersIn IPsec VPN, how is the pre-shared key encrypted?Two GRE tunnels in one subnetHow would “looping” in GRE occur according to RFC 2784GRE over IPsec between Juniper SRX100 and Fortigate 100DMPLS over GRE tunnel with Linux iproute2IPsec Tunnel is showing decrypt packets counter but 0 encryption packets: #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0Layer 3 tunnel with Dynamic IP address













3















IPsec tunnel mode encrypt a whole IP packet and sent it as the payload of another IP packet. I have always used GRE as the encapsulation layer when doing IPsec encryption. However, how could I have the same behavior with a router that supports IPsec but does not implements GRE ?






ipsec tunnel gre







share|improve this question




















  • 1





    You've answered your own question in your first sentence: IPsec tunnel mode encrypts a whole IP packet and sends it as the payload of another IP packet. What part are you confused about?

    – Ron Trunk
    7 hours ago











  • So what's the difference between GRE+IPsec and IPsec only ?

    – Nakrule
    7 hours ago











  • You have a GRE tunnel protected by IPSec. If you drop the GRE tunnel part, IPSec is usually carried as a UDP stream.

    – Ricky Beam
    4 hours ago
















3















IPsec tunnel mode encrypt a whole IP packet and sent it as the payload of another IP packet. I have always used GRE as the encapsulation layer when doing IPsec encryption. However, how could I have the same behavior with a router that supports IPsec but does not implements GRE ?






ipsec tunnel gre







share|improve this question




















  • 1





    You've answered your own question in your first sentence: IPsec tunnel mode encrypts a whole IP packet and sends it as the payload of another IP packet. What part are you confused about?

    – Ron Trunk
    7 hours ago











  • So what's the difference between GRE+IPsec and IPsec only ?

    – Nakrule
    7 hours ago











  • You have a GRE tunnel protected by IPSec. If you drop the GRE tunnel part, IPSec is usually carried as a UDP stream.

    – Ricky Beam
    4 hours ago














3












3








3








IPsec tunnel mode encrypt a whole IP packet and sent it as the payload of another IP packet. I have always used GRE as the encapsulation layer when doing IPsec encryption. However, how could I have the same behavior with a router that supports IPsec but does not implements GRE ?






ipsec tunnel gre







share|improve this question
















IPsec tunnel mode encrypt a whole IP packet and sent it as the payload of another IP packet. I have always used GRE as the encapsulation layer when doing IPsec encryption. However, how could I have the same behavior with a router that supports IPsec but does not implements GRE ?






ipsec tunnel gre




ipsec tunnel gre






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited 7 hours ago









Cown

6,26131030




6,26131030










asked 8 hours ago









NakruleNakrule

15415




15415








  • 1





    You've answered your own question in your first sentence: IPsec tunnel mode encrypts a whole IP packet and sends it as the payload of another IP packet. What part are you confused about?

    – Ron Trunk
    7 hours ago











  • So what's the difference between GRE+IPsec and IPsec only ?

    – Nakrule
    7 hours ago











  • You have a GRE tunnel protected by IPSec. If you drop the GRE tunnel part, IPSec is usually carried as a UDP stream.

    – Ricky Beam
    4 hours ago














  • 1





    You've answered your own question in your first sentence: IPsec tunnel mode encrypts a whole IP packet and sends it as the payload of another IP packet. What part are you confused about?

    – Ron Trunk
    7 hours ago











  • So what's the difference between GRE+IPsec and IPsec only ?

    – Nakrule
    7 hours ago











  • You have a GRE tunnel protected by IPSec. If you drop the GRE tunnel part, IPSec is usually carried as a UDP stream.

    – Ricky Beam
    4 hours ago








1




1





You've answered your own question in your first sentence: IPsec tunnel mode encrypts a whole IP packet and sends it as the payload of another IP packet. What part are you confused about?

– Ron Trunk
7 hours ago





You've answered your own question in your first sentence: IPsec tunnel mode encrypts a whole IP packet and sends it as the payload of another IP packet. What part are you confused about?

– Ron Trunk
7 hours ago













So what's the difference between GRE+IPsec and IPsec only ?

– Nakrule
7 hours ago





So what's the difference between GRE+IPsec and IPsec only ?

– Nakrule
7 hours ago













You have a GRE tunnel protected by IPSec. If you drop the GRE tunnel part, IPSec is usually carried as a UDP stream.

– Ricky Beam
4 hours ago





You have a GRE tunnel protected by IPSec. If you drop the GRE tunnel part, IPSec is usually carried as a UDP stream.

– Ricky Beam
4 hours ago










1 Answer
1






active

oldest

votes


















4















So what's the difference between GRE+IPsec and IPsec only?




In GRE+IPsec the original IP packet is encapsulated in a GRE tunnel packet. The GRE packet is then encapsulated in the IPSec packet.



The most common reason for doing this is to allow broadcast and multicast across the tunnel. Neither is supported by IPSec alone. GRE can also encapsulate non-IP traffic, which IPsec does not support.






share|improve this answer
























  • tunnel mode ipsec ipv4 (or the preferred vendor's equivalent of "tunnel based vpn" or "interface based vpn") will nicely support multicast routing across the tunnel and will allow the multicast based IGPs to form their adjacencies and neighborships, without the need for GRE. Non-IP protocols of course won't work, which they might with GRE.

    – Marc 'netztier' Luethi
    4 hours ago













Your Answer








StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "496"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fnetworkengineering.stackexchange.com%2fquestions%2f57197%2fhow-ipsec-tunnel-mode-work-without-gre%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes









4















So what's the difference between GRE+IPsec and IPsec only?




In GRE+IPsec the original IP packet is encapsulated in a GRE tunnel packet. The GRE packet is then encapsulated in the IPSec packet.



The most common reason for doing this is to allow broadcast and multicast across the tunnel. Neither is supported by IPSec alone. GRE can also encapsulate non-IP traffic, which IPsec does not support.






share|improve this answer
























  • tunnel mode ipsec ipv4 (or the preferred vendor's equivalent of "tunnel based vpn" or "interface based vpn") will nicely support multicast routing across the tunnel and will allow the multicast based IGPs to form their adjacencies and neighborships, without the need for GRE. Non-IP protocols of course won't work, which they might with GRE.

    – Marc 'netztier' Luethi
    4 hours ago


















4















So what's the difference between GRE+IPsec and IPsec only?




In GRE+IPsec the original IP packet is encapsulated in a GRE tunnel packet. The GRE packet is then encapsulated in the IPSec packet.



The most common reason for doing this is to allow broadcast and multicast across the tunnel. Neither is supported by IPSec alone. GRE can also encapsulate non-IP traffic, which IPsec does not support.






share|improve this answer
























  • tunnel mode ipsec ipv4 (or the preferred vendor's equivalent of "tunnel based vpn" or "interface based vpn") will nicely support multicast routing across the tunnel and will allow the multicast based IGPs to form their adjacencies and neighborships, without the need for GRE. Non-IP protocols of course won't work, which they might with GRE.

    – Marc 'netztier' Luethi
    4 hours ago
















4












4








4








So what's the difference between GRE+IPsec and IPsec only?




In GRE+IPsec the original IP packet is encapsulated in a GRE tunnel packet. The GRE packet is then encapsulated in the IPSec packet.



The most common reason for doing this is to allow broadcast and multicast across the tunnel. Neither is supported by IPSec alone. GRE can also encapsulate non-IP traffic, which IPsec does not support.






share|improve this answer














So what's the difference between GRE+IPsec and IPsec only?




In GRE+IPsec the original IP packet is encapsulated in a GRE tunnel packet. The GRE packet is then encapsulated in the IPSec packet.



The most common reason for doing this is to allow broadcast and multicast across the tunnel. Neither is supported by IPSec alone. GRE can also encapsulate non-IP traffic, which IPsec does not support.







share|improve this answer












share|improve this answer



share|improve this answer










answered 7 hours ago









Ron TrunkRon Trunk

37k33475




37k33475













  • tunnel mode ipsec ipv4 (or the preferred vendor's equivalent of "tunnel based vpn" or "interface based vpn") will nicely support multicast routing across the tunnel and will allow the multicast based IGPs to form their adjacencies and neighborships, without the need for GRE. Non-IP protocols of course won't work, which they might with GRE.

    – Marc 'netztier' Luethi
    4 hours ago





















  • tunnel mode ipsec ipv4 (or the preferred vendor's equivalent of "tunnel based vpn" or "interface based vpn") will nicely support multicast routing across the tunnel and will allow the multicast based IGPs to form their adjacencies and neighborships, without the need for GRE. Non-IP protocols of course won't work, which they might with GRE.

    – Marc 'netztier' Luethi
    4 hours ago



















tunnel mode ipsec ipv4 (or the preferred vendor's equivalent of "tunnel based vpn" or "interface based vpn") will nicely support multicast routing across the tunnel and will allow the multicast based IGPs to form their adjacencies and neighborships, without the need for GRE. Non-IP protocols of course won't work, which they might with GRE.

– Marc 'netztier' Luethi
4 hours ago







tunnel mode ipsec ipv4 (or the preferred vendor's equivalent of "tunnel based vpn" or "interface based vpn") will nicely support multicast routing across the tunnel and will allow the multicast based IGPs to form their adjacencies and neighborships, without the need for GRE. Non-IP protocols of course won't work, which they might with GRE.

– Marc 'netztier' Luethi
4 hours ago




















draft saved

draft discarded




















































Thanks for contributing an answer to Network Engineering Stack Exchange!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fnetworkengineering.stackexchange.com%2fquestions%2f57197%2fhow-ipsec-tunnel-mode-work-without-gre%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







-

Popular posts from this blog

is 'sed' thread safeWhat should someone know about using Python scripts in the shell?Nexenta bash script uses...

Image
1970s scifi/horror novel where protagonist is used by a crablike creature to feed its larvae, goes mad, and is defeated by retraumatising him Practical reasons to have both a large police force and bounty hunting network? Is there a frame of reference in which I was born before I was conceived? A peculiar integral identity Is there a way to find out the age of climbing ropes? PTIJ: Aharon, King of Egypt Specific Chinese carabiner QA? Can we carry rice to Japan? Would the melodic leap of the opening phrase of Mozart's K545 be considered dissonant? Can an earth elemental drown/bury its opponent underground using earth glide?
Read more

How do i solve the “ No module named 'mlxtend' ” issue on Jupyter?

Image
Dilemma of explaining to interviewer that he is the reason for declining second interview Meaning of すきっとした How much time does it take for a broken magnet to recover its poles? Can a hotel cancel a confirmed reservation? Removing debris from PCB Using AWS Fargate as web server When does coming up with an idea constitute sufficient contribution for authorship? If a druid in Wild Shape swallows a creature whole, then turns back to her normal form, what happens? How Should I Define/Declare String Constants How to add multiple differently colored borders around a node? Can I retract my name from a
Read more

Pilgersdorf Inhaltsverzeichnis Geografie | Geschichte | Bevölkerungsentwicklung | Politik | Kultur...

Image
Gemeinde im BurgenlandOrt im Bezirk OberpullendorfPilgersdorfErsterwähnung 1225 ungarischkroatischBurgenlandBezirk OberpullendorfÖsterreichZöbernbachKirchschlag in der Buckligen WeltLockenhausKatastralgemeindenNoricumkeltischen Höhensiedlung BurgBurgbergPannoniaLudwigs des DeutschenDominicusRatpotsRihherisMagyarenGüssinger FehdeAlbrechtFranziskanernKanizsayKirchschlagKrumbachTürkenProtestantenSteinbachHaidukenAugustiner-EremitenKuruzenPestVolkszählungGemeinderatBürgermeisterdirektwahlErstenZweiten WeltkriegsDeutschkreutzDraßmarktFrankenau-UnterpullendorfGroßwarasdorfHoritschonKaisersdorfKobersdorfLackenbachLackendorfLockenhausLutzmannsburgMannersdorf an der RabnitzMarkt Sankt MartinNeckenmarktNeutalNikitschOberloisdorfOberpullendorfPilgersdorfPiringsdorfRaidingRitzingSteinberg-DörflStoobUnterfrauenhaidUnterrabnitz-SchwendgrabenWeingrabenWeppersdorf Dieser Artikel erläutert die burgenländische Gemeinde. Siehe auch Pilgersdorf (Gemeinde Lasberg), Oberösterreich bzw. Pilgersdorf,
Read more