Create a VPN with GRE over IPsec

You must complete these tasks to configure GRE Generic Routing Encapsulation over IPsec:

  1. Configure a GRE tunnel for the traffic that you want to secure.

  2. Configure an IKEv1 policy, if desired. You can also use manual key configuration.

  3. Create an IPsec proposal with tunnel or transport mode. You can use an existing proposal.

  1. Create an IPsec policy with these settings:

  2. For the traffic selector:

  • Protocol = (47) GRE

  • Local Address = the Local IP Address that you specified for the GRE tunnel

  • Remote Address = the Remote IP Address that you specified for the GRE tunnel

  1. Key Exchange Method = Auto (with IKEv1) or Manual.

  2. Proposal = the IPsec proposal that you created in step 3

Configure other settings as you choose.

  1. Configure firewall access policies to allow the traffic.

  2. Configure a static route for the VPN traffic, if necessary.