I am trying to set up a static VTI IPsec VPN between a SR520 and a RV110w. This works fine between the 520 and an 861, but the RV110 complains about the "permit ip any any" default policy of the VTI. (Same thing happens with the 861 and rv110) Does anyone know how to put a policy in place that would be used in negotiating the tunnel that the 110 would accept?
Attached the lines out of the 110's log and the VTI setup.
Sorry to reply late. Yes, mutlicast is one thing needed. The crypto maps are the "regular" way of setting up VPNs, but the tunnels offer a native way of doing it. Just requires an open (but encrypted) tunnel, which the 110s don't support. By having a tunnel interface, you can more easily manage thing like routing, security, qos, etc., not to mention it's easy to shut down an interface. I didn't find that you can assign the maps to loopback interfaces, which gives some of the features, but still not native like a VTI. If you know how to apply a policy to a VTI, thanks much! Otherwise, I'll just use the maps applied to wan interface.