GRE over IPSec ACL question

BosefusBosefus Member Posts: 67 ■■□□□□□□□□
In all the GRE over IPSec configuration guides I seem to find, they recommend using the following ACL

access-list 120 permit gre host host

Where source is outside local and destination is outside remote.

Is the ACL used to specify what traffic to encrypt? If so wont this mean that not all traffic will be encrypted?

Working on CCNP, passed BSCI, Currently working on ONT.


  • AhriakinAhriakin SupremeNetworkOverlord Member Posts: 1,799 ■■■■■■■■□□
    It will encrypt whatever you have already encapsulated inside GRE. So if those IPs mark your GRE tunnel endpoints then you ultimately control what actual data is being encrypted by deciding what will go through the GRE tunneling process pre-IPSec.
    We responded to the Year 2000 issue with "Y2K" solutions...isn't this the kind of thinking that got us into trouble in the first place?
  • BosefusBosefus Member Posts: 67 ■■□□□□□□□□
    Makes sense, thank you for your reply.
    Working on CCNP, passed BSCI, Currently working on ONT.
Sign In or Register to comment.