I have been looking at various documents about GRE and IPSec and was wondering what the configuration difference is? I found an old post that said GRE over IPSec is not the same as IPSec over GRE. It referred to
Which one am I looking at? Could someone supply me with a small sample config of a GRE/IPSec and also an IPSec/GRE? The examples that I saw had a crypto-map on the tunnel and WAN interface. Why is it on both?
Here's an example of a GRE tunnel being IPSec protected on the same router. Basically we form a GRE tunnel and then IPSec protect it. You would need to apply the crypto map on both the logical (tunnel) and physical interfaces.
Aren't both these examples a demonstration of IPSEC over GRE, or in other words, a GRE tunnel protected or encapsulated by an IPSEC tunnel? The only difference being, that the first example shows GRE tunnel termination on internal routers, and the second showing GRE and IPSEC tunnel termination on the same router? Correct me if I am wrong, but I too have had conflicting reports on this subject.
Both examples show GRE over IPSec, i.e. encrypting GRE packets over an IPSec tunnel.
Your understanding of the 2 configs is right, i.e. in the first example GRE terminates on the internal router and IPSec on the external PIXs, and in the second example, both GRE and IPSec are terminating on the same router. Both situations are possible; it depends on what you want to do.
"GRE over IPSec" means GRE is transported over an IPSec tunnel, so the outermost encapsulation is IPSec with GRE inside of it.
The current implementation of GRE over IPSec (IOS) requires you to apply the crypto map on both the tunnel and physical interfaces, but this behaviour is going to be changed, and the crypto map will be required only on tunnel interfaces in the future, as that sounds logical.
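A small configuration check for the behaviour described in this thread (crypto map applied on both the tunnel and the physical interface), added here as an example and not taken from any post. The IOS fragment is constructed; the map name VPN, ACL 101, the interface names and the addresses are assumptions.

```python
import re
# Constructed IOS fragment (names, ACL number and addresses are assumptions).
# The crypto map is applied on Tunnel0 but is missing from Serial0/0.
SAMPLE_CONFIG = """\
crypto map VPN 10 ipsec-isakmp
 set peer 203.0.113.2
 set transform-set TS
 match address 101
!
interface Tunnel0
 tunnel source Serial0/0
 tunnel destination 203.0.113.2
 crypto map VPN
!
interface Serial0/0
 ip address 203.0.113.1 255.255.255.252
access-list 101 permit gre host 203.0.113.1 host 203.0.113.2
"""
FIXED_CONFIG = SAMPLE_CONFIG.replace("interface Serial0/0\n", "interface Serial0/0\n crypto map VPN\n")

def parse_interfaces(config):
    """Map each interface name to the list of its indented sub-commands."""
    interfaces, current = {}, None
    for line in config.splitlines():
        header = re.match(r"interface (\S+)", line)
        if header:
            current = interfaces.setdefault(header.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # any other top-level line ends the stanza
    return interfaces

def applied_map(cmds):
    return next((c.split()[2] for c in cmds if re.fullmatch(r"crypto map \S+", c)), None)

def audit(config):
    """Report tunnels whose crypto map is not on both tunnel and source interface."""
    ifs, findings = parse_interfaces(config), []
    for name, cmds in ifs.items():
        if not name.startswith("Tunnel"):
            continue
        src = next((c.split()[2] for c in cmds if c.startswith("tunnel source ")), None)
        t_map, p_map = applied_map(cmds), applied_map(ifs.get(src, []))
        if t_map is None:
            findings.append(f"{name}: no crypto map on the tunnel interface")
        elif p_map != t_map:
            findings.append(f"{name}: crypto map {t_map} is not applied on {src}")
    return findings
```

`audit(SAMPLE_CONFIG)` flags Tunnel0, and `audit(FIXED_CONFIG)` returns an empty list. The check only resolves a `tunnel source` given as an interface name, not as an IP address.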