GRE over IPSEC tunnel mode

Unanswered Question
Apr 16th, 2009

Hi, can GRE work over IPSEC tunnel mode? As IPSEC tunnel mode will encapsulate all the headers (GRE and IP) inside the outermost ESP IP header, then how will the GRE process know the tunnel end-points as they will be encrypted?

I was able to sucessfully configure GRE over IPSEC transport mode and everything worked fine. But i am not sure if GRE works fine with IPSEC tunnel mode?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Richard Burts Thu, 04/16/2009 - 13:43

Sandev

GRE works fine with IPSec tunnel mode. The IPSec encapsulates the GRE packet, then sends the ESP packet to the VPN peer. The VPN peer deencapsulates the ESP packet, finds that the payload is a GRE packet, and processes the GRE packet as expected.

HTH

Rick

sandevsingh Thu, 04/16/2009 - 22:53

Thanks, i configured this in a lab environment. I could see that my IPSEC tunnel is up. (Was able to check this by show crypto isakmp sa and show crypto ipsec sa), but somehow i was not able to ping my GRE tunnel endpoint. Both my tunnel endpoints are in the same subnet.

When i changed the mode to transport, it started pinging. Any idea why this is happening?

Actions

This Discussion