In case of GRE over IPsec, what IPsec policy should I create? Does it need to be 255 (all), 4 (ip-encap) or 47 (gre)? I am configuring it between Huawei and MikroTik. The Huawei guide suggests setting up an IPsec ACL for GRE over IPsec.
Definitely not IP-ENCAP, as GRE is a different protocol. Setting GRE is sufficient if Huawei supports that too, otherwise 255. The Huawei ACL 3000 in your other topic as linked by @msatter doesn't specify any IP protocol, hence 255 (which is the default if you don't specify any protocol) at the MikroTik side is a matching setting.
Definitely not IP-ENCAP, as GRE is a different protocol. Setting GRE is sufficient if Huawei supports that too, otherwise 255. The Huawei ACL 3000 in your other topic as linked by @msatter doesn't specify any IP protocol, hence 255 (which is the default if you don't specify any protocol) at the MikroTik side is a matching setting.
Yes, as per that guide from Huawei, the ACL mentions:
In case of GRE over IPsec, what IPsec policy should I create? Does it need to be 255 (all), 4 (ip-encap) or 47 (gre)? I am configuring it between Huawei and MikroTik. The Huawei guide suggests setting up an IPsec ACL for GRE over IPsec.
Of course you can do whatever you need to keep the other end happy. In MikroTik you can auto-create a policy (by just entering an IPsec key directly at the GRE interface settings) and it will automatically create the policy, and you can look at it.
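A manual equivalent of the policy discussed above, as an added example that is not taken from any post in this thread. It assumes RouterOS 6.44 or later syntax; the addresses are documentation placeholders, the names `gre-branch` and `huawei` are hypothetical, and transport mode (`tunnel=no`) is an assumption that has to match what the Huawei side is configured for.

```routeros
# Constructed example: 192.0.2.1 = MikroTik WAN address, 198.51.100.1 = Huawei WAN address.
# Plain GRE interface; no ipsec-secret is set here, so no dynamic policy is created.
/interface gre
add name=gre-branch local-address=192.0.2.1 remote-address=198.51.100.1

# IKE peer and pre-shared key (placeholder secret, replace before use).
/ip ipsec peer
add name=huawei address=198.51.100.1/32 exchange-mode=main
/ip ipsec identity
add peer=huawei auth-method=pre-shared-key secret="REPLACE-WITH-SHARED-KEY"

# Policy selector limited to GRE (IP protocol 47) between the two tunnel endpoints.
# If the Huawei ACL does not name a protocol, use protocol=all (255) instead so that
# both ends propose the same selector. Do not use ipencap (4): that is IP-in-IP, not GRE.
/ip ipsec policy
add peer=huawei src-address=192.0.2.1/32 dst-address=198.51.100.1/32 \
    protocol=gre action=encrypt level=require ipsec-protocols=esp tunnel=no

# Checks after the tunnel is up: the policy selector, and that SAs exist and their
# byte counters increase while traffic crosses the GRE interface.
/ip ipsec policy print detail
/ip ipsec installed-sa print
```

If the installed SAs never appear, compare the protocol and addresses in the policy printout with the ACL rule on the Huawei side before changing anything else.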
I am using GRE over IPsec, so that I can use OSPF between branches.
@mafiosa
Make your life easy: play, especially with IPsec, with devices from the same vendor.
I had unestablished tunnels with MikroTik on different versions.
When I upgraded to a later version, boom, everything works well.
I found dynamic routing protocols are much easier (I'm avoiding as much as possible) for establishing.. IPsec is just wasting time.
I am using GRE over IPsec, so that I can use OSPF between branches.
It should work well.