GRE tunnel with crypto statement matching source and destination
Posted on 2007-03-26
Conceptually trying to understand something with IPSec. Just want to know if what I'm thinking is correct...
I have two endpoints 220.127.116.11 and 18.104.22.168.2. The local networks on those two networks are 192.168.1.1 and 192.168.2.1 respectively.
I setup a GRE tunnel to match the two external IPs. I setup a cryptomap over this GRE tunnel, but in my crytpo statements I only match the gre traffic.
I route to each network via the GRE tunnel, but that GRE tunnel is encrypted? Normally, I would match my local networks in my crypto statement so that they are encrypted (show crypto ipsec sa), but I saw a configuration like this the other day and it got me scratching my head. If I only match on GRE traffic, I'm seting up an IPSEC Gre tunnel but is my local traffic passing over it still secure?