GRE over IPSEC tunnel mode

Unanswered Question
Apr 16th, 2009
User Badges:

Hi, can GRE work over IPSEC tunnel mode? As IPSEC tunnel mode will encapsulate all the headers (GRE and IP) inside the outermost ESP IP header, then how will the GRE process know the tunnel end-points as they will be encrypted?

I was able to sucessfully configure GRE over IPSEC transport mode and everything worked fine. But i am not sure if GRE works fine with IPSEC tunnel mode?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Richard Burts Thu, 04/16/2009 - 13:43
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN


GRE works fine with IPSec tunnel mode. The IPSec encapsulates the GRE packet, then sends the ESP packet to the VPN peer. The VPN peer deencapsulates the ESP packet, finds that the payload is a GRE packet, and processes the GRE packet as expected.



sandevsingh Thu, 04/16/2009 - 22:53
User Badges:

Thanks, i configured this in a lab environment. I could see that my IPSEC tunnel is up. (Was able to check this by show crypto isakmp sa and show crypto ipsec sa), but somehow i was not able to ping my GRE tunnel endpoint. Both my tunnel endpoints are in the same subnet.

When i changed the mode to transport, it started pinging. Any idea why this is happening?

sdoremus33 Mon, 04/20/2009 - 11:39
User Badges:
  • Bronze, 100 points or more

Could you post your config on this subject. Thanks


This Discussion