SEC0025 - L2L IPSec IKEv1 Static Virtual Tunnel Interface (VTI)
Category:
Security
The video walks you through configuring a site-to-site (L2L) IPSec VPN tunnel on Cisco routers using a static Virtual Tunnel Interface (VTI). We demonstrate VTI's ability to support more than just unicast traffic, and how it offers many of the benefits of a GRE tunnel without the extra GRE overhead. EIGRP is used as the example in this lab. We also point out that VTI cannot carry non-IP protocols, in which case we need to fall back to GRE. MPLS is a good example, and it is what we use to demonstrate this in the lab.
Notes:
- VTI does not require an ACL to match interesting traffic; it relies on routing instead. Traffic is therefore placed into the tunnel based on destination IP and cannot be natively matched by source IP, although policy-based routing can be used as a workaround.
- VTI uses a tunnel interface, so any feature that is tied to an interface can be applied to it.
- VTI is capable of transporting both unicast and multicast IP traffic.
- VTI allows a routing protocol to be enabled across the tunnel without the extra GRE overhead.
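
The notes above, shown as one side of a static VTI configuration. This is an added example, not taken from the lab document: the addresses, interface names, profile names, EIGRP AS number and the key placeholder are all constructed assumptions.

```cisco
! Added example. Constructed values: local WAN 192.0.2.1 on Gi0/0,
! peer WAN 198.51.100.2, LAN 10.1.0.0/16, Loopback0 10.255.0.1.
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
crypto isakmp key <PRE-SHARED-KEY> address 198.51.100.2
!
crypto ipsec transform-set TS-AES256 esp-aes 256 esp-sha256-hmac
 mode tunnel
crypto ipsec profile VTI-PROFILE
 set transform-set TS-AES256
!
interface Loopback0
 ip address 10.255.0.1 255.255.255.255
!
! Static VTI: no crypto map and no interesting-traffic ACL.
! Whatever the routing table sends out Tunnel0 is encrypted.
interface Tunnel0
 ip unnumbered Loopback0
 tunnel source GigabitEthernet0/0
 tunnel destination 198.51.100.2
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile VTI-PROFILE
!
! EIGRP runs directly over the VTI; its multicast hellos need no GRE.
! The loopback network statement also enables EIGRP on the unnumbered tunnel.
router eigrp 100
 network 10.255.0.1 0.0.0.0
 network 10.1.0.0 0.0.255.255
!
! Alternative to Tunnel0 when a non-IP payload such as MPLS must cross
! the tunnel (configure one or the other toward this peer, not both).
! Same IPsec profile, but GRE encapsulation adds the header VTI avoids.
interface Tunnel1
 ip unnumbered Loopback0
 tunnel source GigabitEthernet0/0
 tunnel destination 198.51.100.2
 tunnel mode gre ip
 tunnel protection ipsec profile VTI-PROFILE
 mpls ip
```

After the mirror-image configuration is applied on the peer, `show crypto ipsec sa` and `show ip eigrp neighbors` confirm that the security associations are up and that the adjacency formed across the tunnel.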
Topics include
- Static VTI
- Tunnel Interface IP Unnumbered
- MPLS
- GRE