Solved: Subnet Mask for VTI Interface IP for route-based VPN with Mocrosoft Azure

zobaarul · ‎02-10-2019

Hi all,

I am trying to configure a route-based VPN with Microsoft Azure. I was reading the document in the link below:

https://www.cisco.com/c/en/us/td/docs/security/asa/asa97/configuration/vpn/asa-97-vpn-config/vpn-vti.pdf

In this document, VTI interface IP has been set with a /31 subnet mask. From azure portal, a suggested configuration for on-premises device can be generated which also suggest to set the VTI interface IP with a /31 subnet. I tried to google it but could not find anything definitive.

Could someone explain why /31 subnet mask is suggested here?

Thanks in advance and apologies if similar discussion was already here before that I could not find.

Mohammed al Baqari · ‎02-11-2019

Yes anything including 169.x subnet and you can use the mask which you prefer.

*** Please remember to rate useful posts

View solution in original post

Mohammed al Baqari · ‎02-10-2019

To avoid wasting IPs because the this subnet is used only between VTI
tunnel endpoints for routing.

zobaarul · ‎02-10-2019

Thanks for your reply.

So its not mandatory or anything. And I can use any subnet mask I prefer?

Mohammed al Baqari · ‎02-11-2019

Yes anything including 169.x subnet and you can use the mask which you prefer.

*** Please remember to rate useful posts

zobaarul · ‎02-12-2019

Thanks again