GRE IPSEC and Loopback interface

Dear all

Please excuse my ignorance, but I've been struggling for about 2 months now
with configuring GRE over IPSEC using a Loopback interface as the source of
the tunnel.

I wish to tunnel all internal traffic (including communication generated by
the routers) over the internet between our HQ and a remote office. I wish
to encrypt all communication that passes over the public network, and hide
all internal IP addresses.

Our remote LAN uses the 10.20.80.0/24 subnet, and the HQ (being the "hub"
where all networks join) can route to all other 10.0.0.0/8 networks.
We also have multiple available public IP addresses on both sides.

The following configuration closely matches what I am trying to achieve...
http://www.cisco.com/warp/public/707/ipsec_gre.shtml


....except that, it's not clear to me which interfaces would need public IPs
in our scenario.

I think the ethernet interfaces (10.64.10.0/27) are equivalent to our
Internet interfaces. However, would the 192.168.1.1 & 192.168.2.1 and
10.1.1.1 & 10.1.1.2 IP addresses need to be public or private?

Also, if I wished to use static routes initially, what would be the best way
(in terms of next hop or outgoing interface) to point the HQ router (router
"Light") to networks 10.1.1.2/32, 192.168.2.1/32 and 172.16.2.1/24?



I'd be indebted to you (almost) forever if you can assist! ;-)

Thank you kindly!
Paul