I want to protect a GRE tunnel with IPsec. The KB article I've read says that this should be done with a "site to site" VPN that protects the WAN addresses at each end of the GRE tunnel. I assume this will work, but this sort of setup is more a job for host-to-host / transport mode IPsec.
I haven't tested that, but IPsec has the option to negotiate only protection of certain protocols (and ports). Sophos XG does not seem to allow me to select IP protocol 47 (GRE), though. I guess protecting all traffic between the endpoints isn't a bad thing, but I don't need the extra protection.
Is there a CLI way to restrict the IPsec protection just to protocol 47?
Thanks
James