GRE Tunnel over IPSec Configuration
What do you need help with?
This document helps with:
a brief explanation of GRE Tunnel over IPSec
a step-by-step procedure, with a screenshot, to configure it in USG
steps to verify that the configured tunnel is working
Generic Routing Encapsulation (GRE) is a tunneling protocol that allows the encapsulation of
many different network-layer protocols between two endpoints. Packets are sent through a
virtual tunnel on a point-to-point link.
It is important to understand that GRE tunnels do not encrypt traffic in any way; packets are
simply encapsulated within an additional GRE and IP header. If a secure tunnel is required,
IPSec can be used with GRE to provide data confidentiality.
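The following Python sketch is an added example, not part of the original document or of any USG tooling. It builds a GRE-encapsulated packet by hand to show that the inner packet travels unmodified and readable behind the 20-byte outer IP header and 4-byte GRE header. All addresses and the payload are constructed sample values, and the function names are hypothetical.

```python
import struct

GRE_PROTO = 47            # IP protocol number assigned to GRE
ETHERTYPE_IPV4 = 0x0800   # GRE "protocol type" for an IPv4 payload
GRE_OVERHEAD = 20 + 4     # outer IP header + basic GRE header, as stated on the page

def ipv4_header(src, dst, proto, payload_len):
    """Build a 20-byte IPv4 header (no options) with a valid checksum."""
    addr = lambda a: bytes(int(x) for x in a.split("."))
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0,
                      64, proto, 0, addr(src), addr(dst))
    s = sum(struct.unpack("!10H", hdr))
    s = (s & 0xFFFF) + (s >> 16)
    s = (s & 0xFFFF) + (s >> 16)
    return hdr[:10] + struct.pack("!H", ~s & 0xFFFF) + hdr[12:]

def gre_encapsulate(inner, tunnel_src, tunnel_dst):
    """Wrap an IPv4 packet in a basic GRE header and an outer IPv4 header."""
    gre = struct.pack("!HH", 0, ETHERTYPE_IPV4)   # no flags, version 0
    outer = ipv4_header(tunnel_src, tunnel_dst, GRE_PROTO, len(gre) + len(inner))
    return outer + gre + inner

def gre_decapsulate(packet):
    """What any on-path observer can do: strip the headers, read the payload."""
    ihl = (packet[0] & 0x0F) * 4
    if len(packet) < ihl + 4 or packet[9] != GRE_PROTO:
        raise ValueError("not a GRE packet")
    flags, proto = struct.unpack("!HH", packet[ihl:ihl + 4])
    if flags & 0xB007:   # checksum/key/sequence bits or non-zero version
        raise ValueError("GRE options not handled in this example")
    return proto, packet[ihl + 4:]

def max_inner_packet(link_mtu):
    """Largest inner packet that fits in one outer packet with GRE alone.
    IPSec adds further overhead that depends on the proposal (not computed here)."""
    return link_mtu - GRE_OVERHEAD

# Constructed sample data: private/documentation addresses, made-up payload.
PAYLOAD = b"constructed cleartext application data"
INNER = ipv4_header("192.168.1.10", "192.168.2.20", 253, len(PAYLOAD)) + PAYLOAD
OUTER = gre_encapsulate(INNER, "203.0.113.1", "198.51.100.1")

if __name__ == "__main__":
    print("added bytes:", len(OUTER) - len(INNER))
    print("payload visible on the wire:", PAYLOAD in OUTER)
    print("largest inner packet on a 1500-byte link:", max_inner_packet(1500))
```

Because the payload bytes appear verbatim in the outer packet, confidentiality has to come from the IPSec layer wrapped around GRE.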
GRE over IPSec tunnels are different from stand-alone IPSec VPN tunnels. GRE over IPSec
tunnels support multicast IP traffic, which strict IPSec VPNs do not. This is important when
routing protocols need to send routing information across the tunnel since they use multicast
for their control information.
A few points to remember
GRE Tunnel over IPSec has two modes:
o Tunnel Mode: This works with dynamic IP.
o Transport Mode: Only works with static IP on both ends.
The MTU on the GRE Tunnel interface is generally set to 1400 – 1420. This is to avoid any
fragmentation problems over the transport networks. Remember that GRE adds an
additional 20-byte IP header as well as a 4-byte GRE header to each packet in the
Please download GRE Tunnel over IPSec Configuration