GRE over IPsec and IPsec over GRE are both tunneling configurations, but they have key differences in implementation and use cases.
Key Differences
When you apply crypto map directly on the GRE tunnel interface, IPSec encapulates the interesting traffic and then this IPSec packet is placed into GRE.
interface Tunnel0
crypto map CMAP —————-> IPSec over GRE
When you apply crypto map on the physical interface to which the GRE tunnel is sourced and have interesting traffic as GRE, then the GRE traffic is placed into IPSec.
interface Tunnel0
no crypto map CMAP
!
int FastEthernet0/0
crypto map vpn ——————-> GRE over IPsec
IPSec tunnels only support encapsulation and encryption of unicast packets, whereas GRE tunnels support encapsulation of both unicast and multicast packets.