VPN, IPsec tunnel, GRE tunnel

The terms are confusing to me, so I wanted to verify if I got the technologies right.

VPN: Virtual Private Network
A generic term to describe private WAN connections over the public Internet where remote sites can connect to HQ privately.

Tunnel: Term to describe that an additional IP header has been added to the original IP packet; may or may not be encrypted.

IPsec: Defines a set of rules for creating a secure VPN.
A VPN technology which provides confidentiality, data integrity, authentication and anti-replay. Encapsulates the original IP packet into a new IP header with VPN headers.
IPsec encrypts all data, including the original IP packet.

GRE: Supports many of the network layer protocols but does not encrypt the data; only builds a tunnel for which a new IP header is added to send information across the public WAN.

Any resources to reinforce these topics would be very helpful.
Thanks

VPN is a generic term that generally means a secure and encrypted connection where you can tunnel things that could not otherwise be routed, or would require special handling, like port forwarding. However, none of that is a given, so you have to dig into it. I’ve had people insist that their MPLS “VPN” was encrypted, but in practice they pretty much never are; they’re just separated out so that the routes used on that VPN don’t inherently go to the Internet.

Tunnel is largely the same thing, where it’s kind of a marketing term, and I would tend to say that it implies a lack of encryption if not stated otherwise, but again, you should verify.

IPSEC and GRE are methods of tunneling and doing things. They are specific technical standards that can be used to accomplish a goal, independently or together.

IPSEC is really designed for encryption and security, so making sure your message cannot be read or modified. IPSEC can tunnel some stuff, but more complicated things (e.g. Multicast in most Cisco implementations) won’t work. GRE is really meant for getting things from place A to place B where they normally could not (non-routable protocols, intermediary doesn’t speak the protocol, non-routable addresses, etc). GRE itself provides no real security.

You can combine the two to basically make a GRE tunnel, then encrypt it with IPSEC, and this is the basis of other technologies like DMVPN (which combines those two with NHRP and some sort of DRP (OSPF, EIGRP, RIP, or BGP, generally the first or last)).
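An added example, not part of any post in this thread: the Python below parses constructed packets to show what a device on the transit path can read from a GRE tunnel versus an IPsec ESP tunnel. Addresses, SPI and payload bytes are constructed sample values, and the ESP ciphertext is placeholder bytes rather than real encryption output.

```python
import socket
import struct

GRE, ESP, OSPF = 47, 50, 89  # IANA IP protocol numbers

def ipv4(src, dst, proto, payload):
    """Build a minimal 20-byte IPv4 header (checksum left at 0) plus payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload

def parse_ipv4(pkt):
    """Return (header fields, payload) for an IPv4 packet."""
    ihl = (pkt[0] & 0x0F) * 4
    fields = {"src": socket.inet_ntoa(pkt[12:16]),
              "dst": socket.inet_ntoa(pkt[16:20]), "proto": pkt[9]}
    return fields, pkt[ihl:]

def observer_view(pkt):
    """Return what a device on the transit path can read from one packet."""
    outer, body = parse_ipv4(pkt)
    view = {"outer": outer}
    if outer["proto"] == GRE:
        flags, ethertype = struct.unpack("!HH", body[:4])
        # Optional checksum (C), key (K) and sequence (S) fields add 4 bytes each.
        off = 4 + 4 * sum(bool(flags & bit) for bit in (0x8000, 0x2000, 0x1000))
        view["tunnel"] = "GRE"
        if ethertype == 0x0800:  # inner packet is IPv4 and travels in the clear
            view["inner"], view["inner_payload"] = parse_ipv4(body[off:])
    elif outer["proto"] == ESP:
        spi, seq = struct.unpack("!II", body[:8])
        # Everything after SPI and sequence number is ciphertext plus the ICV.
        view.update(tunnel="ESP", spi=spi, seq=seq, opaque_bytes=len(body) - 8)
    return view

# Constructed sample: a multicast routing packet sent over the tunnel interface.
# The payload is placeholder bytes, not a real OSPF message.
inner = ipv4("10.0.0.1", "224.0.0.5", OSPF, b"placeholder-hello")
gre_pkt = ipv4("198.51.100.1", "203.0.113.1", GRE,
               struct.pack("!HH", 0, 0x0800) + inner)
# ESP body: SPI, sequence number, then stand-in bytes for the encrypted inner
# packet and a 16-byte integrity check value (no real cipher is run here).
esp_pkt = ipv4("198.51.100.1", "203.0.113.1", ESP,
               struct.pack("!II", 0x1001, 1) + bytes(len(inner) + 16))

if __name__ == "__main__":
    for name, pkt in (("GRE", gre_pkt), ("ESP", esp_pkt)):
        print(name, observer_view(pkt))
```

With GRE over IPsec, the wire view is the ESP case: the GRE header and the inner packet both sit inside the encrypted portion.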

A VPN is a form of tunneling. You’re just shoving some traffic inside a different stream.

GRE is a form of VPN.

You’ve basically got it though. Your book should have definitions for these things.

IPSec (safe form of tunneling) is the safe encrypted tunneling between two separated networks.

GRE (Generic Routing Encapsulation, clear text unsafe form of tunneling), however, isn’t encrypted, but it’s possible to also do things such as Dynamic Routing etc., which isn’t possible with IPSec alone.

Both forms can be combined.

I am still on my CCNA (27th) but afaik: GRE is used with IPSec in combination in which the IPSec Data is encapsulated with GRE and the encryption/decryption is done by IPSec.

EDIT: Sorry if I made myself not clear enough, my native language is German and I find it pretty challenging to explain things in English… :smiley:

It seems you have a pretty solid understanding of all of these things. Networklessons.com is a solid resource for all things network related.

Essentially GRE (Generic Routing Encapsulation) does not provide security, but it is the solution to encapsulate Layer 3 packets. On the other hand, IPsec provides the security which GRE can’t provide. These two (namely GRE over IPsec) support both Layer 3 packets and security.

IPSEC and GRE are methods of tunneling and doing things. They are specific technical standards that can be used to accomplish a goal, independently or together.

That cleared all my doubts. Thank you so much.

Spot on with MPLS. Grinds my gears hearing that and encrypted in the same sentence. Very very rare.

Thanks for the explanation, great point where you mentioned Dynamic Routing isn’t possible over IPsec and GRE will provide Multicast support. If I’m right, neighbouring relations won’t form over IPsec due to lack of support of L3 protocols; correct me if I’m wrong. Thanks