By Tim Charlton IP Security, (IPSec). Virtual Private Networks, (VPNs), and Generic Routing Encapsulation tunnels (GRE), are both methods of transferring data over public, intermediary networks such as the Internet. There are many differences between these technologies. Let’s begin with a brief overview.
A VPN allows a company to securely transfer data and services between different locations at minimal cost. A VPN allows users who don’t have a permanent computer in the company to connect to it remotely. They can access company data via a laptop, home computer, or any other mobile device. A company can reap the benefits of a VPN solution by implementing it.
Cost savings – You don’t need to lease lines from a telecoms provider to build a wide area network (WAN). A VPN can be implemented over an existing Internet connection. A VPN implementation costs less than a traditional leased line WAN. A VPN solution requires Internet access for each site or mobile user that wants to connect to it.
Encrypted traffic – VPNs can use a variety encryption methods within the IPSec protocol framework in order to protect traffic between an organization’s remote locations and users. Some VPN installations also use Secure Sockets Layer (SSL) to encrypt data. This encryption standard is used by many online retailers, banks Web sites, and other Internet-based businesses.
Easy network expansion – VPN access usually requires an Internet connection, a VPN gateway appliance and, in some cases, a software program. Expanding a VPN to include remote users and new locations is usually less expensive than connecting a new site with a leased-line WAN.
GRE tunnels can be used to establish point-to-point connections between two networks, similar to IPSec VPNs. GRE tunnels have the following benefits and characteristics:
Data encapsulation – GRE tunnels encapsulate packets using protocols that are incompatible with an intermediary (passenger protocols), within compatible protocols (transport protocols). This allows data to be transmitted across networks that would otherwise be impossible to traverse. You could use a GRE tunnel to connect two AppleTalk network via an IP-only network, or to route IPv4 packets over a network that uses only IPv6.
Simplicity – GRE tunnels lack flow-control and security by default mechanisms. This can make configuration easier. You probably don’t want data to be transferred in unencrypted format across a public network. Therefore, GRE tunnels can be supplemented with the IPSec suite protocols for security. GRE tunnels can also forward data from dispersed networks through one tunnel, which is something VPNs are unable to do.
Multicast traffic forwarding – GRE tunnels can be used for multicast traffic transmission, while a VPN cannot. Multicast traffic, such as advertisements sent via routing protocols, can be easily transferred between remote locations using a GRE Tunnel.
Both VPNs and GRE tunnels are both possible to transfer data from remote locations. Their similarities do not end there. A VPN is a secure way to connect remote users to resources located in a central location. A GRE tunnel is recommended if traffic must be passed over an incompatible network.
Are you interested in Cisco Certification? Check out our NetSim and Practice Exam demos.
Tunnel photo by Frederic BISSON
