GRE Tunnel over IPSEC Lab

The following Lab is a demonstration on how to set up the GRE Tunnel over IPSEC.

GRE (Generic Routing Encapsulation) – Cisco developed tunneling protocol

• GRE is great in a sense that it allows end users to share data that would not normally be shared over the public network. It supports both encapsulations such as Unicast and multicast packets but its inability to encrypt Payloads makes it very insecure and not recommended as a standalone tunnel.

• GRE tunnel which is efficient in every sense but lacks security and IPSEC will provide the security end.

IPSEC (Internet Protocol Security) – Used to set up VPNs, encrypting IP packets with source authentication

• Once the GRE Tunnel is set up, you can configure an IPSEC Tunnel between the IPSEC peers among each router which will establish protection for any trafficking IP Packets. The protocol that is used here is called IKE (Internet Key Exchange) which establishes the tunnel. 

• Having the GRE Tunnel over IPSEC is basically having the best of the both worlds.

I will now show you a Lab Demonstration, on how you can setup a GRE Tunnel over IPSEC

• Following is my lab topology, which you can use as a reference

The following was used to create this Lab

• OSPF

• EIGRP

• REDISTRIBUTION

• GRE TUNNEL

• IPSEC

• The following subnet has been used to configure this network

  192.168.1.0/28

  192.168.1.16/28

  192.168.1.32/28

  192.168.1.48/28

The goal of this Topology 

-  Achieve dynamic reachability between all the different subnets on the following network using OSPF and EIGRP through the transit router.

- Setup GRE Tunnel over IPSEC