|
Posted by GT on June 11, 2008, 4:37 pm
If you were Registered and logged in, you could reply and use other advanced thread options > GT wrote:
> > dear all, wanted to see if i could get any comments on the issues
> > around the concept of 'virtual tunnel interfaces' as a method of
> > setting up ipsec vpn's
>
> > as i have (hopefully correctly) read, there is advantage to be gained
> > from using VTI's instead of using 'crypto maps' applied to an
> > interface on account of being applied 'interface-centric' capability
> > such as dynamic routing, QOS etc.
>
> > one most salient question would be whether they provide equivalent
> > capability to the 'dynamic crypto map;' to support windows VPN
> > clients ? - reverse route injection etc.
>
> > are there issues of coexsitence such that a router provide ipsec
> > encryption to one site, while using a VTI configuration to establish
> > ipsec vpn with another device ?
>
> > help in this gladly received
>
> > Graham
>
> Some of the following documents may address your questions.
>
> http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6...
>
> http://www.cisco.com/en/US/docs/ios/12_3t/12_3t14/feature/guide/gtIPS...
>
> http://www.cisco.com/en/US/technologies/tk583/tk372/technologies_whit...
>
> Best Regards,
> News Reader- Hide quoted text -
>
> - Show quoted text -
yep - good docs had got one of them
re routing - to quote - "Dynamic routing can be used with SVTIs.
Routing with DVTIs is not supported or recommended. "
does this mean that we can not redistribute the dynamically created
routes for the dynamic peers ?
| 
Yahoo! 
Google 
Windows Live 
del.icio.us 
digg 
Netscape 
XML site map