cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
359
Views
0
Helpful
1
Replies

Need suggestion for Multi SA VTI

kashifkhan9407
Level 1
Level 1

I am planning to replace my old routers with ISR 4431 IOS-XE. In my design i have port channel configured through which multiple sub interfaces are configured. 

 

The problem is that, crypto map are not supported on Port-channel interfaces. Due to it cisco has provided the workaround to implement multi SA VTI and according to cisco Multi SA vti are backward compatible with crypto map.

 

I need to know if someone has experience in establishing Sire-to-Site vpns between Multi SA vti on one side and crypto map on remote side.

 

Need you suggestion.

1 Reply 1

If other peer support vti why you not config

Loopback in both peer 

Vti tunnel source and destination using loopback in both peer

Protect vti with ipsec profile 

 

This skip the port channel crypto issue.

Review Cisco Networking for a $25 gift card