Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

IPSec over GRE

Hi all!

I have found a few configuration examples for the GRE over IPSec on the /TAC website. It is tricky that in this case the crypto map has to be assigned for both the physical and the tunnel interfaces.

But as it can be seen on the following picture

I need an IPSec over GRE. I have tried to configure the router that terminates both the GRE and the IPSec tunnel but without success. Could you provide me a draft guideline how to configure this router.




Re: IPSec over GRE

The following link should help with the configuration of your IPSEC.

Cisco Employee

Re: IPSec over GRE


You can follow the below URL the GRE/IPSec config:



New Member

Re: IPSec over GRE


If you are able to use a new IOS image such as 12.2(11)T or better 12.2(13)T you can utilise Cisco's new IPSec implementation.

So your configuration on the Cisco would look something like:

crypto isakmp policy 10

encr 3des

authentication pre-share

lifetime 86000


crypto isakmp key some-secret-key address


crypto ipsec transform-set trans-set1 esp-3des esp-sha-hmac


crypto ipsec profile policy1

set transform-set trans-set1


interface Loopback1

ip address yyy.yyy.yyy.yyy


interface Tunnel1

ip address

ip access-group Tunnel-IPSec-out out

ip mtu 1476

ip route-cache flow

ip ospf message-digest-key 1 md5 7

ip ospf cost 100

tunnel source Loopback1

tunnel destination xxxx.xxxx.xxxx.xxxx

tunnel protection ipsec profile policy1

Where xxxx.xxxx.xxxx.xxxx is the external remote IP address and yyyy.yyyy.yyyy.yyyy is the local external IP address. This setup does not require the crypto map to be applied to any interfaces. This will basically create a GRE tunnel between the 2 routers and then protect the GRE tunnels with IPSec.

If you need any further assistance feel free to email me.

- Brett

CreatePlease to create content