virtual tunnel interfaces / crypto maps

Discussion in 'Cisco' started by GT, Jun 11, 2008.

  1. GT

    GT Guest

    Dear all, wanted to see if I could get any comments on the issues
    around the concept of 'virtual tunnel interfaces' as a method of
    setting up IPsec VPNs.

    As I have (hopefully correctly) read, there is advantage to be gained
    from using VTIs instead of using 'crypto maps' applied to an
    interface on account of being applied 'interface-centric' capability
    such as dynamic routing, QoS etc.

    One most salient question would be whether they provide equivalent
    capability to the 'dynamic crypto map' to support Windows VPN
    clients? - reverse route injection etc.

    Are there issues of coexistence such that a router provides IPsec
    encryption to one site, while using a VTI configuration to establish
    an IPsec VPN with another device?

    Help in this gladly received.

    Graham
     
    GT, Jun 11, 2008
    #1

  2. GT

    News Reader Guest

    GT wrote:
    > Dear all, wanted to see if I could get any comments on the issues
    > around the concept of 'virtual tunnel interfaces' as a method of
    > setting up IPsec VPNs.
    >
    > As I have (hopefully correctly) read, there is advantage to be gained
    > from using VTIs instead of using 'crypto maps' applied to an
    > interface on account of being applied 'interface-centric' capability
    > such as dynamic routing, QoS etc.
    >
    > One most salient question would be whether they provide equivalent
    > capability to the 'dynamic crypto map' to support Windows VPN
    > clients? - reverse route injection etc.
    >
    > Are there issues of coexistence such that a router provides IPsec
    > encryption to one site, while using a VTI configuration to establish
    > an IPsec VPN with another device?
    >
    > Help in this gladly received.
    >
    > Graham

    Some of the following documents may address your questions.

    http://www.cisco.com/en/US/prod/col...6/ps6635/prod_white_paper0900aecd803645b5.pdf

    http://www.cisco.com/en/US/docs/ios/12_3t/12_3t14/feature/guide/gtIPSctm.pdf

    http://www.cisco.com/en/US/technologies/tk583/tk372/technologies_white_paper0900aecd8029d629.pdf


    Best Regards,
    News Reader
     
    News Reader, Jun 11, 2008
    #2

  3. GT

    GT Guest

    On Jun 11, 6:18 pm, News Reader <> wrote:
    > GT wrote:
    > > Dear all, wanted to see if I could get any comments on the issues
    > > around the concept of 'virtual tunnel interfaces' as a method of
    > > setting up IPsec VPNs.
    > >
    > > As I have (hopefully correctly) read, there is advantage to be gained
    > > from using VTIs instead of using 'crypto maps' applied to an
    > > interface on account of being applied 'interface-centric' capability
    > > such as dynamic routing, QoS etc.
    > >
    > > One most salient question would be whether they provide equivalent
    > > capability to the 'dynamic crypto map' to support Windows VPN
    > > clients? - reverse route injection etc.
    > >
    > > Are there issues of coexistence such that a router provides IPsec
    > > encryption to one site, while using a VTI configuration to establish
    > > an IPsec VPN with another device?
    > >
    > > Help in this gladly received.
    > >
    > > Graham
    >
    > Some of the following documents may address your questions.
    >
    > http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6...
    >
    > http://www.cisco.com/en/US/docs/ios/12_3t/12_3t14/feature/guide/gtIPS...
    >
    > http://www.cisco.com/en/US/technologies/tk583/tk372/technologies_whit...
    >
    > Best Regards,
    > News Reader

    Yep - good docs, had got one of them.

    Re routing - to quote - "Dynamic routing can be used with SVTIs.
    Routing with DVTIs is not supported or recommended."

    Does this mean that we cannot redistribute the dynamically created
    routes for the dynamic peers?
     
    GT, Jun 11, 2008
    #3
