I've got several internal networks with overlapping IP schemes so we stuffed each into their own VRF so they could get out our 2911 router and into the outside world. We have a couple /28's and I can get everyone out onto the internet with each network's traffic NAT'd through it's own external IP.
The twist is we're using a cloud service for internet content filtering and we want to build the GRE's for that traffic off the router as well. For policy and reporting reasons the tunnels need to originate from their own external IP. I cannot seem to get the tunnels to come up and route to the destination. They show up (as up as a tunnel interface can show) but I can't ping the inside IP of the destination. So I am doing something wrong but I search as I may I can't seem to come up with a solution.
I have been at this piece for about 3 days now and can't seem to crack it. I'm posting a sketch and the relevant parts of the router's config. Anyone with suggestions or questions please chime in. As much as I've taught myself the last couple weeks it apparently isn't enough to bring it all together.