why can't you run a routing protocol in IPSEC tunnel mode? why do you need GRE to run a routing protocol?
Most of the dynamic routing protocols use multicast addressing or broadcast addressing for the destination address. IPSec processes unicast IP traffic. This is the reason that we have traditionally used GRE which can easily pass multicast and broadcast traffic within the tunnel as the way to run routing protocols over IPSec tunnels. With GRE the multicast routing protocol traffic is encapsulated in a GRE packet which has a unicast source and destination address.