On Jun 11, 6:18*pm, News Reader <u...@domain.null> wrote:
> GT wrote:
> > dear all, wanted to see if i could get any comments on the issues
> > around the concept of 'virtual tunnel interfaces' as a method of
> > setting up ipsec vpn's
>
> > as i have (hopefully correctly) read, there is advantage to be gained
> > from using VTI's instead of using 'crypto maps' applied to an
> > interface on account of being applied 'interface-centric' capability
> > such as dynamic routing, QOS etc.
>
> > one most salient question would be whether they provide equivalent
> > capability to the 'dynamic crypto map;' to support windows VPN
> > clients ? - reverse route injection etc.
>
> > are there issues of coexsitence such that a router provide ipsec
> > encryption to one site, while using a VTI configuration to establish
> > ipsec vpn with another device ?
>
> > help in this gladly received
>
> > Graham
>
> Some of the following documents may address your questions.
>
> http://www.cisco.com/en/US/prod/coll...537/ps6586/ps6...
>
> http://www.cisco.com/en/US/docs/ios/...re/guide/gtIPS...
>
> http://www.cisco.com/en/US/technolog...hnologies_whit...
>
> Best Regards,
> News Reader- Hide quoted text -
>
> - Show quoted text -
yep - good docs had got one of them
re routing - to quote - "Dynamic routing can be used with SVTIs.
Routing with DVTIs is not supported or recommended. "
does this mean that we can not redistribute the dynamically created
routes for the dynamic peers ?
Similar Threads
