Category:Cisco Systems -> Security
In IPSec over GRE scenario, the crypto map is applied to Tunnel Interface.
The order is IPsec first, GRE second. This order will result in these operations:
1.) Original header | Payload ! before IPsec
2.) Original header | ESP | Encrypt ( Payload ) ! after IPsec in transport mode
3.) Outer header | GRE | Original header | ESP | Encrypt ( Payload ) ! after GRE
So only interesting traffic is encrypted not GRE’s (hello packets etc)
Also see GRE over IPSec
By privilege15