IPSec Profiles vs IPSec Virtual Tunnel Interface (VTI)

Unanswered Question
Aug 27th, 2009

I am about to deploy a solution where I will have lots of remote branches which will have dynamic and static ISPs. They will all connect to the Head Quarters office (HQ).

In my testings, I already have 3 clients and I am doing a lot of config statements and I can predict that as I add more clients, the config will become unmanagable.

I am currently using static crypto maps. I am also using GRE inside IPSec.

I've been reading about IPSec Profiles and IPSec VTIs. They look like they might save me lots of code while my environment grows so I want to know what do you think?

Which of the 2 approaches will be better and more scalable?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
slmansfield Sat, 08/29/2009 - 07:41

IPSEC profiles with VTIs greatly improve scalability and flexibility in the creation of secure access between WAN sites.

Here is a URL that provides all the details of how to set them up, just in case you haven't already seen this.



This Discussion