Solved: VTI Transform set NAME and ipsec profile NAME should match?

switched switch · ‎11-16-2015

Just a quick question.
Setting up a VTI between two endpoints and I want to know best practises.

Should the transform set NAME match? My testing shows this is OK to not have the same name on either end as the tunnel works great.

Should the ipsec profile NAME match? Again my testing shows this is OK to not have the same name on either end as the tunnel works great.

Is it OK for the for isakmp policy number to not be the same on both ends. Testing shows this is OK as well.

Whilst I know having different NAMES on each side works, i'd like to know if its safe for production in that its not going to cause me issues down the line.

The reason I ask, I've read that both sides have to match, but what is it just the parameters, or is it parameters and names?

Kannan Ramasubramanian · ‎11-16-2015

Hi,

Only the parameters have to be matched on both the ends and not the names. Names and ISAKMP policy numbers are locally significant and so it's not needed to be matched on both the sides. Let me know if you've any follow-up questions.

HTH,

Kannan

View solution in original post

Kannan Ramasubramanian · ‎11-16-2015

Hi,

Only the parameters have to be matched on both the ends and not the names. Names and ISAKMP policy numbers are locally significant and so it's not needed to be matched on both the sides. Let me know if you've any follow-up questions.

HTH,

Kannan

switched switch · ‎11-16-2015

Thank you Kannan.