Hello all, this is the first time I've set up GRE over IPsec and need a sanity check to verify if I did it right.
---------------------------------------------------------
Router A
WAN 2.2.2.2
IPsec tunnel st0.1 192.168.253.1/30
Router B
WAN 3.3.3.3
IPsec tunnel st0.1 192.168.253.2/30
---------------------------------------------------------
The IPsec tunnel passes traffic nicely but we need to add multicast support for an app, so I added a GRE tunnel with the IPsec st0.x interfaces as the GRE endpoints: (ignoring the additional config to enable multicast for the moment)
---------------------------------------------------------
Router A
gr-0/0/0.1 source 192.168.253.1 destination 192.168.253.2
Router B
gr-0/0/0.1 source 192.168.253.2 destination 192.168.253.1
---------------------------------------------------------
Traffic seems to pass OK.
Question: Did I get the wrapping order correct, in that the GRE tunnel will run inside the IPsec tunnel? I want to make sure I didn't get this backwards and expose unencrypted traffic to the world, by running GRE outside of IPsec.
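
One way to check the wrapping order from a capture taken on the WAN interface, as an added example that is not part of the original post: it classifies the outermost encapsulation of each raw IPv4 packet, so a packet whose outer protocol is GRE (47) rather than ESP (50, or ESP-in-UDP on port 4500) is leaving unencrypted. The function names and sample packets are constructed for illustration; the addresses are the ones given in the post.

```python
import socket
import struct

GRE, ESP, UDP = 47, 50, 17   # IANA IP protocol numbers
NAT_T_PORT = 4500            # UDP port for IKE and ESP-in-UDP (NAT traversal)

def classify_wan_packet(pkt: bytes) -> str:
    """Name the outermost encapsulation of a raw IPv4 packet seen on the WAN side."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return "not-ipv4"
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl:
        return "not-ipv4"
    proto = pkt[9]
    if proto == ESP:
        return "esp"
    if proto == GRE:
        return "gre-cleartext"   # GRE header and inner packet are readable on the wire
    if proto == UDP and len(pkt) >= ihl + 8:
        sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
        if NAT_T_PORT in (sport, dport):
            marker = pkt[ihl + 8:ihl + 12]
            if marker == b"\x00" * 4:
                return "ike"         # non-ESP marker: IKE, not tunnel data
            if len(marker) == 4:
                return "esp-in-udp"  # first 4 bytes are a non-zero SPI
    return "other"

def cleartext_gre(packets):
    """Return the indexes of packets whose outer header is GRE."""
    return [i for i, p in enumerate(packets) if classify_wan_packet(p) == "gre-cleartext"]

def ipv4(src, dst, proto, payload):
    """Build a constructed IPv4 packet (checksum left at 0; not validated here)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload

def udp(sport, dport, body):
    """Prepend a constructed UDP header (checksum 0) to body."""
    return struct.pack("!HHHH", sport, dport, 8 + len(body), 0) + body

# Constructed samples, using the addresses from the post.
ESP_BODY = b"\x12\x34\x56\x78" + b"\x00\x00\x00\x01" + b"\xaa" * 32   # SPI, seq, ciphertext
GRE_BODY = b"\x00\x00\x08\x00" + b"inner IPv4 packet would follow"     # GRE, proto type 0x0800
SAMPLES = [
    ipv4("2.2.2.2", "3.3.3.3", ESP, ESP_BODY),                        # GRE inside IPsec
    ipv4("2.2.2.2", "3.3.3.3", UDP, udp(4500, 4500, ESP_BODY)),       # same, with NAT-T
    ipv4("2.2.2.2", "3.3.3.3", UDP, udp(4500, 4500, b"\x00" * 4 + b"ike")),
    ipv4("192.168.253.1", "192.168.253.2", GRE, GRE_BODY),            # GRE outside IPsec
]
```

The check only means something on packets captured on the WAN-facing interface; on st0.1 or gr-0/0/0.1 the inner headers are expected to be visible.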