This section provides FAQs about GRE.
IPSec encrypts only unicast packets, but not multicast packets. GRE can encapsulate multicast packets into unicast packets, but cannot encrypt packets.
The major function of GRE is to encapsulate IPv6 packets and multicast packets, such as routing protocol, voice, and video packets.
The tunnel interface (GRE interface) encapsulates and decapsulates data packets using GRE. The tunnel interface that sends encapsulated packets is called the tunnel source interface, and the one that receives these packets on the peer end is called the tunnel destination interface.
Generally, the local WAN interface is used as the tunnel source interface, and the peer WAN interface is used as the tunnel destination interface.
A tunnel interface IP address enables the tunnel interface to become Up and is mandatory. The IP address is not involved in packet encapsulation.
When static routes are used to direct traffic to a GRE tunnel, the IP address of the interfaces at both ends of the tunnel can belong to different network segments. When a GRE tunnel is established for OSPF routing exchange between two networks connected to the tunnel, the IP address of the interfaces at both ends of the tunnel must belong to the same network segment. Otherwise, the tunnel interfaces fail to establish an OSPF adjacency.
A tunnel interface must be added to a security zone, usually the DMZ. This is because the security zone through which GRE packets pass is associated with the security zone where the tunnel interface resides.
Multiple tunnel interfaces cannot use the same source IP address.