dear all, wanted to see if i could get any comments on the issues around the concept of 'virtual tunnel interfaces' as a method of setting up ipsec vpn's
as i have (hopefully correctly) read, there is advantage to be gained from using VTI's instead of using 'crypto maps' applied to an interface on account of being applied 'interface-centric' capability such as dynamic routing, QOS etc.
one most salient question would be whether they provide equivalent capability to the 'dynamic crypto map;' to support windows VPN clients ? - reverse route injection etc.
are there issues of coexsitence such that a router provide ipsec encryption to one site, while using a VTI configuration to establish ipsec vpn with another device ?
help in this gladly received
Graham