Have you tried using VTI instead of GRE over IPsec, will most likely make your configuration a bit simpler? Theres helps of articles out there for it, but here is one i just found. https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_vpnips/con...