To setup a GRE tunnel through a secure IPSec tunnel

Digi ACL devices provide the option of setup up a GRE tunnel either as a standalone tunnel, or as an advertised set of routes through an IPSec tunnel.  This allows users to leverage the dynamic route advertisement of GRE tunnels through a secured IPSec tunnel.

You will need to configure the ACL device to establish an inbound or outbound IPSec tunnel.  For details on configuring the IPSec tunnel, see the following link.

VPN Access with IPSec tunnels

The following configuration setting show a sample setup of a GRE tunnel paired with an IPSec tunnel, where the IPSec tunnel setup is named tunnel_name with a local tunnel network of 172.30.0.1/32 and a remote network of 172.30.0.2/32

1. VPN > IPsec > Tunnels > tunnel name > Policies
   Create or modify the IPsec tunnel to include a policy with specified remote and local network addresses.
   Choosing 'Custom network' can be helpful here because you can see both IP addresses
2. Network > Interfaces > Add Interface
   Add a IPsec loopback endpoint.
3. VPN > IP Tunnels > Add IP tunnel
   The remote endpoint is the IPsec tunnel virtual IP at the other end and the local endpoint is the IPsec loopback endpoint interface we configured earlier.
4. Network > Interfaces > Add Interface
   Add an interface to the IP tunnel device. In this step we are creating a virtual IP address on the GRE tunnel.