GRE over IPsecis used totunnel non-IP traffic, multicast, and dynamic routing protocolsover IPsec VPN.
Tunnel mode is requiredbecause:
Transport mode only encrypts the payload, but GRE needs the entireoriginal IP packet encrypted.
Tunnel mode encrypts the entire packet(original + GRE headers), ensuring full encapsulation.
Why is this statement true?
GRE over IPsec must use tunnel modeto fully encapsulate and protect packets.
HCIP-Security References:
Huawei HCIP-Security Guide → GRE over IPsec Configuration
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit