Hello Manish, The INE blogpost refers to GRE over IPSec , where the GRE packet is encapsulated inside an ESP packet ( as you rightly said ).
Since the crypto map is applied on the Physical interface, it sees the packet "Post-tunnelling" . So it sees the packet with the GRE header on and then encrypts it. I believe the same thing can also be achieved by using TUNNEL PROTECTION in the tunnel interface with the GRE tunnel mode set as gre ip. Cheers! TacACK
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
