How to configure GRE Tunnel on Cisco IOS Router

Hello Luis

You bring up a very good point as far as terminology is concerned. The term VPN has unfortunately been used somewhat liberally, and to a certain degree, incorrectly, especially among marketing professionals.

Strictly speaking, a Virtual Private Network is a method of extending a private network across a public network. It’s original meaning had to do with connecting two or more remote private networks across a public network. It specifically involves the two (or more) ends of a VPN terminating at the customer premises. It doesn’t inherently include anything about security or privacy, although security is a best practice that should be implemented with VPNs.

Today there are several types of VPNs, some of which are closer to the original meaning of the term than others.

  1. VPNs that connect two or more remote sites extending their private network over a public network. This is also known as a Site-to-Site VPN. Technologies in this category at various levels of the OSI model include GRE tunnels, IPSec tunnels, DMVPNs, and Frame-Relay to name a few.
  2. VPNs that connect individual users to a corporate network using a VPN client, also called a remote access VPN. Some technologies used here include Anyconnet as well as other VPN clients, with a Cisco ASA or other security appliance.
  3. VPN Services, which are companies that allow you to securely connect to the Internet, and to hide your own IP address from the sites you visit. Strictly speaking, these are not VPNs. These are internet connection security services. They essentially allow you to connect to a “VPN server” somewhere on the Internet such that, that server becomes a relay or a proxy for all of your traffic. In other words, the sites and services you visit via that “VPN” see that server as the initiator of the communication, and not your own IP. This way you can (theoretically) hide your physical location, as well as any other network elements that can in any way associate you with that session.

Note that all of these technologies use some form of tunneling, which may warrant the use of the term VPN, but understanding the implications of the terminology is important.

To answer this question now, the answer is yes, because GRE (along with some other protocols) is the purest form of the original meaning of the term VPN. All the additional security features, and particulars of implementation and usage, are additions to this fundamental definition.

Yes, you are correct in your description, however, GRE doesn’t need any security (such as IPSec) to be considered a site-to-site VPN. Security should definitely be employed as best practice, but it is not part of the original VPN definition.

I hope this has been helpful!

Laz