Implementing Cisco IP Routing (CCNP ROUTE, legacy) — Question 328

Which statement is true about an IPsec/GRE tunnel?

Answer options

• A. The GRE tunnel source and destination addresses are specified within the IPsec transform set.
• B. An IPsec/GRE tunnel must use IPsec tunnel mode.
• C. GRE encapsulation occurs before the IPsec encryption process.
• D. Crypto map ACL is not needed to match which traffic will be protected.

Correct answer: C

Explanation

The correct answer is C because GRE encapsulation happens prior to the IPsec encryption, allowing the data to be wrapped before being secured. Option A is incorrect as the GRE tunnel addresses are not included in the IPsec transform set. Option B is also wrong since IPsec can operate in transport mode as well. Lastly, option D is false because a crypto map ACL is necessary to specify which traffic should be encrypted.