
Is a GRE tunnel or IPsec tunnel more secure for enterprise use?

The difference between a GRE tunnel and an IPsec tunnel is a commonly discussed topic, but which is more secure? Expert Matthew Pascucci explains which is better for enterprises.

What's the difference between a GRE tunnel and an IPsec tunnel?

It's important to know the difference between Generic Routing Encapsulation and Virtual Private Networks, and understanding it will help when dealing with tunnels in the future. Both of these protocols are used for tunneling, or establishing a connection between two different points, and many times this means traveling over the public internet. To review the difference between the two protocols, let's first discuss how they're normally used.

A Virtual Private Network (VPN) is a secure method for sending data between networks or locations at limited or no cost. No leased lines need to be installed for the data to travel safely over the internet, and a VPN is relatively easy to install. Traffic that goes over the VPN is secured with either IPsec or SSL as it moves between the endpoints. This protects the data in transit and reduces the security concerns of data transfer over the public internet.

A Generic Routing Encapsulation (GRE) tunnel transfers data between two sites with lower overhead and allows multicast traffic to be sent over the tunnel, something a VPN has difficulty with, but it does so without encryption. A GRE tunnel also assists with encapsulation between protocols and can join networks that might otherwise have been incompatible.

The biggest difference between the protocols is security. If possible, it's better to use a VPN for transferring data over the public internet when the data is sensitive. There are times when a GRE tunnel needs to be used, for either multicast or incompatibility, and in those cases you can look into GRE over IPsec tunnels. This secures part or all of the GRE packets. Understanding the requirements of the connection and the data that's traveling over the tunnel will help you select which method is best for your organization.
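
To make the point about GRE's lack of encryption concrete, this added example (not part of the original article) parses an outer IPv4 packet the way a defender auditing a WAN-side capture would, and reports what is readable for bare GRE (IP protocol 47) versus ESP (IP protocol 50), which GRE over IPsec normally uses. The addresses, payload, SPI and function names are constructed for illustration.

```python
import socket
import struct

GRE, ESP = 47, 50  # IANA IP protocol numbers

def ipv4(src, dst, proto, payload):
    """Build a minimal IPv4 packet (checksum left at 0; sample data only)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, socket.inet_aton(src),
                       socket.inet_aton(dst)) + payload

def parse_ipv4(pkt):
    """Return (protocol, source, destination, payload) of an IPv4 packet."""
    ihl = (pkt[0] & 0x0F) * 4
    return (pkt[9], socket.inet_ntoa(pkt[12:16]),
            socket.inet_ntoa(pkt[16:20]), pkt[ihl:])

def inspect(pkt):
    """Return what an on-path observer can read from one outer packet."""
    proto, src, dst, body = parse_ipv4(pkt)
    seen = {"outer": (src, dst), "encrypted": False}
    if proto == GRE:
        flags, ptype = struct.unpack("!HH", body[:4])
        # Checksum (C), key (K) and sequence (S) flags each add 4 header bytes.
        off = 4 + 4 * sum(bool(flags & b) for b in (0x8000, 0x2000, 0x1000))
        seen["tunnel"] = "GRE"
        if ptype == 0x0800:  # inner packet is IPv4 and fully readable
            _, isrc, idst, data = parse_ipv4(body[off:])
            seen.update(inner=(isrc, idst), inner_data=data)
    elif proto == ESP:
        # Only the SPI and sequence number are cleartext; the rest is
        # ciphertext, including the ESP trailer's next-header field.
        spi, seq = struct.unpack("!II", body[:8])
        seen.update(tunnel="ESP", encrypted=True, spi=spi, seq=seq)
    return seen

# Constructed samples (private and documentation addresses, made-up payload).
INNER = ipv4("10.1.0.5", "10.2.0.9", 253, b"payroll batch 42")
GRE_PKT = ipv4("198.51.100.1", "203.0.113.2", GRE,
               struct.pack("!HH", 0, 0x0800) + INNER)
KEYED_GRE_PKT = ipv4("198.51.100.1", "203.0.113.2", GRE,
                     struct.pack("!HHI", 0x2000, 0x0800, 7) + INNER)
# Placeholder bytes stand in for ciphertext; nothing is encrypted here.
ESP_PKT = ipv4("198.51.100.1", "203.0.113.2", ESP,
               struct.pack("!II", 0x1001, 1) + bytes(64))

if __name__ == "__main__":
    for name, pkt in (("GRE", GRE_PKT), ("GRE+key", KEYED_GRE_PKT),
                      ("ESP", ESP_PKT)):
        print(name, inspect(pkt))
```

For the bare GRE samples the inner site addresses and payload come back in full; for the ESP sample only the outer tunnel endpoints, SPI and sequence number are visible.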


This was last published in December 2016
