Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
429
Views
0
Helpful
1
Replies

IPSec Profiles vs IPSec Virtual Tunnel Interface (VTI)

insccisco
Level 1
Level 1

‎08-27-2009 03:29 PM - edited ‎02-21-2020 04:19 PM

I am about to deploy a solution where I will have lots of remote branches which will have dynamic and static ISPs. They will all connect to the Head Quarters office (HQ).

In my testings, I already have 3 clients and I am doing a lot of config statements and I can predict that as I add more clients, the config will become unmanagable.

I am currently using static crypto maps. I am also using GRE inside IPSec.

I've been reading about IPSec Profiles and IPSec VTIs. They look like they might save me lots of code while my environment grows so I want to know what do you think?

Which of the 2 approaches will be better and more scalable?

Labels:
0 Helpful
1 Reply 1

slmansfield
Level 4
Level 4

‎08-29-2009 07:41 AM

IPSEC profiles with VTIs greatly improve scalability and flexibility in the creation of secure access between WAN sites.

Here is a URL that provides all the details of how to set them up, just in case you haven't already seen this.

http://www.cisco.com/en/US/docs/ios/sec_secure_connectivity/configuration/guide/sec_ipsec_virt_tunnl_ps6350_TSD_Products_Configuration_Guide_Chapter.html

0 Helpful
Customers Also Viewed These Support Documents