Junos OS

Hello all, this is the first time I've set up GRE over IPsec and need a sanity check to verify if I did it right.

---------------------------------------------------------

Router A

WAN 2.2.2.2

IPsec tunnel st0.1 192.168.253.1/30

Bouter B

WAN 3.3.3.3

IPsec tunnel st0.1 192.168.253.2/30

---------------------------------------------------------

The IPsec tunnel passes traffic nicely but we need to add multicast support for an app, so I added a GRE tunnel with the IPsec st0.x interfaces as the GRE endpoints:  (ignoring the additional config to enable multicast for the moment)

---------------------------------------------------------

Router A

gr-0/0/0.1 source 192.168.253.1 destination 192.168.253.2

Router B

gr-0/0/0.1 source 192.168.253.2 destination 192.168.253.1

---------------------------------------------------------

Traffic seems to pass OK.

Question:  Did I get the wrapping order correct, in that the GRE tunnel will run inside the IPsec tunnel?  I want to make sure I didn't get this backwards and expose unencrypted traffic to the world, by running GRE outside of IPsec.

Hi rebus,

Yes, you got it correct, as long as the tunnel is up and the traffic is flowing it will pass over the IPSec tunnel with the snippets of configuration and information you provided.