Can static crypto maps Co-exist with Tunnel (DTI/VTI) interfaces ?

Unanswered Question
Nov 3rd, 2009
User Badges:


I have a Cisco 2811, with L2L vpns and vpn clients configured using static / dynamic crypto maps

These maps are then applied to the Dialer0 interface, and everything works fine !!

Now, I am trying to add a new VPN connection to Amazon VPC, using generated configs.

This config, uses what I belive is the newer method of using Tunnel interfaces.

However, when I add the new config, the ISAKMP fails after entering main mode exchange.

My questions is : Can the two configs methods (crypto maps and Tunnel ) co-exist ??

A doc I found entitled "IpSec Vitrual Tunnel Interfaces" says :-

"IKE SA is bound to the VTI. Because IKE SA is bound to the VTI, the same IKE SA cannot be used for a crypto map".

Not sure what "same sa" means.


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)


This Discussion