
site to site vpn tunnel with virtual interfaces

pcfreak49
Level 1

First, I wish everyone a Happy New Year 2012 and, above all, good health.

I have a question: does anyone know how a site-to-site IPsec VPN tunnel should be made with virtual interfaces?

4 Replies

Marcin Latosiewicz
Cisco Employee

I assume we're talking about IOS IPsec virtual interfaces.

You can perform an SVTI-SVTI or SVTI-DVTI connection.

Only when connecting to DVTI will you create virtual-access interfaces based on your virtual-template for each tunnel.

Otherwise, in the case of SVTI, you always have a tunnel interface, which will remain down if the IPsec SA is not established.

Yes, it is a site-to-site VPN tunnel using IPsec virtual tunnel interfaces. This is what I configured:


crypto isakmp policy 10000
 encr aes 256
 authentication pre-share
 group 16
crypto isakmp key Cisco123 address 84.197.174.182
!
crypto ipsec security-association lifetime seconds 86400
!
crypto ipsec transform-set sitetositevpn ah-sha-hmac esp-aes 256 esp-sha-hmac comp-lzs
!
crypto map CMAP_R2 10000 ipsec-isakmp
 ! Incomplete
 set peer 84.197.174.182
 set transform-set sitetositevpn
 set pfs group16
 match address sitetositevpn
!
!
!
!
!
interface Tunnel0
  ip address 11.11.21.1 255.255.255.0

All SVTI interfaces are using tunnel protection and not crypto maps.

What I think you're going for is GRE over IPsec, the old way:

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a008009438e.shtml#cfg_encryption

while VTI-based config would look like this:

http://www.cisco.com/en/US/docs/ios/sec_secure_connectivity/configuration/guide/sec_ipsec_virt_tunnl_ps6441_TSD_Products_Configuration_Guide_Chapter.html#wp1027265

What is your end question/design you wanted to achieve?

M.
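
The difference described in the reply above (tunnel protection instead of a crypto map), shown as an added example that is not part of the thread or of Cisco's documentation. It reuses the peer address, tunnel address, policy and PFS group from the posted config; `PSK_PLACEHOLDER`, the profile name `VTI_PROFILE`, the source interface `GigabitEthernet0/0`, the remote LAN `192.168.2.0/24` and the ESP-only transform set are assumptions made for illustration.

```cisco
! Added example: SVTI form of the crypto-map config posted above.
crypto isakmp policy 10000
 encr aes 256
 authentication pre-share
 group 16
! PSK_PLACEHOLDER stands in for the real pre-shared key (assumption)
crypto isakmp key PSK_PLACEHOLDER address 84.197.174.182
!
crypto ipsec security-association lifetime seconds 86400
!
! ESP-only transform set in tunnel mode (assumption: AH and LZS
! compression from the posted config are left out to keep this minimal)
crypto ipsec transform-set sitetositevpn esp-aes 256 esp-sha-hmac
 mode tunnel
!
! The IPsec profile takes the place of the crypto map:
! no "set peer" and no "match address" ACL are configured here
crypto ipsec profile VTI_PROFILE
 set transform-set sitetositevpn
 set pfs group16
!
interface Tunnel0
 ip address 11.11.21.1 255.255.255.0
 ! Hypothetical WAN-facing interface
 tunnel source GigabitEthernet0/0
 ! The peer is defined by the tunnel destination
 tunnel destination 84.197.174.182
 ! Native IPsec encapsulation, no GRE header
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile VTI_PROFILE
!
! Traffic to protect is chosen by routing into the tunnel,
! not by a crypto ACL (192.168.2.0/24 is a hypothetical remote LAN)
ip route 192.168.2.0 255.255.255.0 Tunnel0
```

With this form, `show interface Tunnel0` reports line protocol down until the IPsec SA is established, and `show crypto ipsec sa` shows the SA counters once traffic is routed into the tunnel.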

I have configured it according to this Cisco site. Is it good or not?