A GRE over IPSec VPN is a legacy solution that uses a crypto map to encrypt GRE traffic between two peer routers. GRE tunnels are required to tunnel unicast, multicast traffic between two peers and useful establishing a routing adjacency between sites, which a crypto map VPN cannot achieve natively. GRE transmits traffic in clear text, which is why IPSec is used to ensure the GRE traffic is encrypted.
Since IOS-XE 16.6 static and dynamic crypto maps are End of Life, Cisco recommends using Virtual Tunnel Interfaces (VTI) such as FlexVPN or DMVPN. Refer to the previous posts on FlexVPN and DMVPN.
This post covers the basic configuration of a GRE over IPSec VPN tunnel on Cisco IOS-XE routers.
Continue reading “GRE over IPSec VPN”