GRE with IPSEC VS SVTI | SIMOS Exam Topics

Get 30% off with: You can use promo code: OSCAROGANDO2
Follow Me on Twitter:


GRE is a tunneling protocol developed by Cisco.
It is capable of encapsulating a wide variety of network layer protocols packets inside IP tunnels. This creates virtual point-to-point links. It is a common option to use GRE to pass dynamic routing protocol traffic across an IPsec tunnel.
GRE tunnels do not provide encryption services. GRE is just an encapsulation protocol. It does not offer other services such as encryption. By default, the traffic leaves in clear text.


However, IPsec does not directly support IGP protocols, because the IPsec tunnel cannot natively forward IPv4 multicasts.
To overcome this restriction, you can use a GRE tunnel that actually runs over the IPsec tunnel. GRE supports multicasts by encapsulating them in unicast packets, so GRE supports IGPs.

A major benefit of VTI is that the configuration does not require a static mapping of an IPsec session to a physical interface.
The IPsec endpoint is associated with an actual virtual interface. This is then a routable interface at the tunnel endpoint, and many common interface capabilities can be applied to the IPsec tunnel. They include the association of routing protocols and therefore routing across the VPN tunnel. In the end, VTI is a good alternative to IPsec over GRE tunnels.

Share the Post:

Related Posts

Help Us By Donating