SEC0020 - Router EZVPN with Dynamic Virtual Tunnel Interface (DVTI)
Category:
Security
The video demonstrates the configuration of Easy VPN (EZVPN) using a Dynamic Virtual Tunnel Interface (DVTI) on Cisco routers and explains its benefit over conventional EZVPN with a 'crypto map' or a tunnel interface with GRE. Here we introduce the concept of Virtual-Template. The second half of the video shows examples of additional features that you can implement with VTI, using QoS and multicasting.
Note:
- DVTI can pass both unicast and multicast traffic
- DVTI supports additional features that are tied to interfaces (e.g. QoS, Firewall, NAT, etc.)
- DVTI essentially replaces dynamic crypto map
- 24 bytes of GRE header are saved, as traffic is encapsulated in raw IPSec
- What traffic will be carried over the IPSec tunnel is determined by routing instead of ACL matching.
- Regardless of the number of subnets passing over the tunnel, only one Security Association is created
Topics include
- DVTI with EZVPN
- Interface Virtual-Template
- QoS on DVTI
- Multicast on DVTI
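
The following IOS server-side configuration illustrates the notes above: a Virtual-Template in place of a dynamic crypto map, raw IPSec encapsulation without GRE, and QoS and multicast applied to the tunnel interface. It is an added example, not taken from the video or its lab document; it assumes IOS 15.x, and every name, address, pool and key in it is a constructed placeholder.

```cisco
! Constructed example: EZVPN server with DVTI. Names, addresses and keys are placeholders.
aaa new-model
aaa authentication login EZVPN-XAUTH local
aaa authorization network EZVPN-GROUPS local
username labuser secret <PLACEHOLDER-PASSWORD>
!
ip multicast-routing
ip local pool EZVPN-POOL 10.99.0.10 10.99.0.50
!
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
!
crypto isakmp client configuration group EZVPN-CLIENTS
 key <PLACEHOLDER-GROUP-KEY>
 pool EZVPN-POOL
!
! The ISAKMP profile binds matching clients to Virtual-Template1.
crypto isakmp profile EZVPN-IKE
 match identity group EZVPN-CLIENTS
 client authentication list EZVPN-XAUTH
 isakmp authorization list EZVPN-GROUPS
 client configuration address respond
 virtual-template 1
!
crypto ipsec transform-set EZVPN-TS esp-aes 256 esp-sha256-hmac
crypto ipsec profile EZVPN-IPSEC
 set transform-set EZVPN-TS
 set isakmp-profile EZVPN-IKE
!
policy-map TUNNEL-SHAPE
 class class-default
  shape average 2000000
!
interface Loopback0
 ip address 10.0.0.1 255.255.255.255
!
! Each client session clones a Virtual-Access interface from this template.
! No crypto map or crypto ACL is applied to the WAN interface; routing decides
! what enters the tunnel. "tunnel mode ipsec ipv4" means no GRE header is added.
interface Virtual-Template1 type tunnel
 ip unnumbered Loopback0
 ip pim sparse-mode
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile EZVPN-IPSEC
 service-policy output TUNNEL-SHAPE
```

Once a client connects, `show crypto session` lists the session together with the Virtual-Access interface cloned for it.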