this is a wild card key; often used with DMVPN hub's... it lets anyone in using this key ;)
2. That is correct. What this means is the GRE traffic is the "interesting traffic" the vpn crypto map will encrypt with IPSEC.
You do not need to declare all your networks, in fact that is beauty of GRE/IPSEC vpn. You simply add more routes to the gre tunnel and they all pass inside the source/destination ip listed in the source X and destination Y outside GRE addresses of the tunnel. You can use tunnel VTI config so you dont even have to apply the crypto map to any specifc interface. an example would be as follows -
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...