Category:Cisco Systems -> Security
In GRE over IPSec scenario, the crypto map is applied to Physical Interface.
GRE over IPsec then the order is GRE first, IPsec second. The order will be:
1.) Original header | Payload ! before GRE
2.) Outer header | GRE | Original header | Payload ! after GRE
3.) Outer header | ESP | Encrypt ( GRE | Original header | Payload ) ! after IPsec transport mode
So all interesting traffic plus GRE’s traffic both are encrypted.
Also see IPSec over GRE
By privilege15