Cisco Systems virtual tunnel interfaces / crypto maps

Posted by GT on June 11, 2008, 12:23 pm
dear all, wanted to see if i could get any comments on the issues
around the concept of 'virtual tunnel interfaces' as a method of
setting up ipsec vpn's

as i have (hopefully correctly) read, there is advantage to be gained
from using VTI's instead of using 'crypto maps' applied to an
interface on account of being applied 'interface-centric' capability
such as dynamic routing, QOS etc.

one most salient question would be whether they provide equivalent
capability to the 'dynamic crypto map' to support Windows VPN
clients ? - reverse route injection etc.

are there issues of coexistence such that a router provides ipsec
encryption to one site, while using a VTI configuration to establish
ipsec vpn with another device ?

help in this gladly received

Graham


Posted by News Reader on June 11, 2008, 1:18 pm
GT wrote:
> dear all, wanted to see if i could get any comments on the issues
> around the concept of 'virtual tunnel interfaces' as a method of
> setting up ipsec vpn's
>
> as i have (hopefully correctly) read, there is advantage to be gained
> from using VTI's instead of using 'crypto maps' applied to an
> interface on account of being applied 'interface-centric' capability
> such as dynamic routing, QOS etc.
>
> one most salient question would be whether they provide equivalent
> capability to the 'dynamic crypto map' to support Windows VPN
> clients ? - reverse route injection etc.
>
> are there issues of coexistence such that a router provides ipsec
> encryption to one site, while using a VTI configuration to establish
> ipsec vpn with another device ?
>
> help in this gladly received
>
> Graham
>

Some of the following documents may address your questions.

http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6635/prod_white_paper0900aecd803645b5.pdf

http://www.cisco.com/en/US/docs/ios/12_3t/12_3t14/feature/guide/gtIPSctm.pdf

http://www.cisco.com/en/US/technologies/tk583/tk372/technologies_white_paper0900aecd8029d629.pdf


Best Regards,
News Reader

Posted by GT on June 11, 2008, 4:37 pm
> GT wrote:
> > dear all, wanted to see if i could get any comments on the issues
> > around the concept of 'virtual tunnel interfaces' as a method of
> > setting up ipsec vpn's
>
> > as i have (hopefully correctly) read, there is advantage to be gained
> > from using VTI's instead of using 'crypto maps' applied to an
> > interface on account of being applied 'interface-centric' capability
> > such as dynamic routing, QOS etc.
>
> > one most salient question would be whether they provide equivalent
> > capability to the 'dynamic crypto map' to support Windows VPN
> > clients ? - reverse route injection etc.
>
> > are there issues of coexistence such that a router provides ipsec
> > encryption to one site, while using a VTI configuration to establish
> > ipsec vpn with another device ?
>
> > help in this gladly received
>
> > Graham
>
> Some of the following documents may address your questions.
>
> http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6...
>
> http://www.cisco.com/en/US/docs/ios/12_3t/12_3t14/feature/guide/gtIPS...
>
> http://www.cisco.com/en/US/technologies/tk583/tk372/technologies_whit...
>
> Best Regards,
> News Reader

yep - good docs had got one of them

re routing - to quote - "Dynamic routing can be used with SVTIs.
Routing with DVTIs is not supported or recommended."

does this mean that we can not redistribute the dynamically created
routes for the dynamic peers ?

