I would like to know about some issue in GRE over IPsec.I configured one point to point GRE over IPsec tunnel.I would like to know if i want to configure other GRE tunnel to HUB without using IPsec,can i use this gre tunnel without encryption ? IPSec profile will drop new gre traffic (no used encryption) ?
HUB router's outside interface only accepts encrypted traffic and IPSec profile applied in current router external interface so all the traffic coming in must match current IPSec profile.
Please see for example configuration
Eg. In hub router
interface GigabitEthernet0/0/1
ip address 10.10.10.1 255.255.255.0
ipsec apply policy test
interface Tunnel1 mode gre
mtu 1560
ip address 1.1.1.1 255.255.255.254
source 10.10.10.1
destination 10.10.10.2
keepalive 3 3
ip route-static 1.1.1.2 32 10.10.10.2
acl number 3200
rule 0 permit ip source 1.1.1.1 0 destination 1.1.1.2 0
rule 20 permit gre source 10.10.10.1 0 destination 10.10.10.2 0
ipsec policy test 1 isakmp
transform-set trans1
security acl 3200
remote-address 10.10.10.2
ike-profile 1
!
ike profile 1
certificate domain test1
local-identity address 10.10.10.1
match remote identity address 10.10.10.2 255.255.255.255
proposal 1