virtual tunnel interfaces / crypto maps

dear all, wanted to see if i could get any comments on the issues around the concept of 'virtual tunnel interfaces' as a method of setting up ipsec vpn's

as i have (hopefully correctly) read, there is advantage to be gained from using VTI's instead of using 'crypto maps' applied to an interface on account of being applied 'interface-centric' capability such as dynamic routing, QOS etc.

one most salient question would be whether they provide equivalent capability to the 'dynamic crypto map;' to support windows VPN clients ? - reverse route injection etc.

are there issues of coexsitence such that a router provide ipsec encryption to one site, while using a VTI configuration to establish ipsec vpn with another device ?

help in this gladly received


Reply to
Loading thread data ...

Some of the following documents may address your questions.

formatting link
formatting link
formatting link

Best Regards, News Reader

Reply to
News Reader

yep - good docs had got one of them

re routing - to quote - "Dynamic routing can be used with SVTIs. Routing with DVTIs is not supported or recommended. "

does this mean that we can not redistribute the dynamically created routes for the dynamic peers ?

Reply to
GT Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.