GRE Tunnel ove IPSec

Unanswered Question
Jul 30th, 2008
User Badges:


Does anyone knows how to run GRE Tunnel over IPSec. The scenario is bit different. Let me try to explain. PE1 and PE2 belongs to ProviderA which is basically public Internet. PE3 and PE4 belongs to ProviderB which runs IPVPN private network.


There is IPSec tunnel between CPE(1) to PE(1) and another IPSec tunnel between PE(1) to PE(3) which is not transparent to customer. Now customer wants to run GRE between CPE1 and CPE2. Does anyone know how it can be done?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Edison Ortiz Thu, 07/31/2008 - 05:37
User Badges:
  • Super Bronze, 10000 points or more
  • Hall of Fame,

    Founding Member

You need to include the GRE in the IPSec ACL between CPE1<->PE1 and PE1<->PE3

Once CPE1 initiates the GRE tunnel, it will be captured by the IPSec as 'interesting' traffic from CPE1 to PE1.

PE1 will do the same towards PE3, however once it arrives to PE3, it won't be within IPSec towards PE4 with final destination in CPE2.

I believe, a much easier approach is configuring an IPSec between CPE1<->CPE2 and add GRE to the policy of that IPSec.




guruprasadr Thu, 07/31/2008 - 07:33
User Badges:
  • Gold, 750 points or more

HI, [Pls RATE all Informative POST]

Refer Link below for some sample configuration:

Configuring an IPSec between CPE1 < > CPE2 is the good approach too. Your traffic is secured end - to - end.

Pls RATE all Informative POST

Best Regards,

Guru Prasad R


This Discussion