I have been trying to get this to work for some time. I cannot get IPSEC to work over GRE, with a NAT device in the middle (router to router). I am using Tunnel protection. I am able to get this to work without a NAT device. I am also able to get this to work with "tunnel mode ipsec ipv4" command. I cannot use this command in production.
When I have this set up, it appears that IPSEC is trying to negotiate with gig int rather than the tunnel interface. What am I missing?
Attached are config snippets, and show outputs.
Any help is greatly appreciated.