Local IPSec VTI compatability with remote Crypto IPSec

Unanswered Question
Apr 12th, 2010


I am currently trying to configure a local hub VPN router (Cisco 2821) with IPSec VTI's which in turn will connect to remote
partner offices. The remote sites have traditional VPN's configurations configured using standard crypto maps. Phase 1 IKE completes succesfully
but phase 2 terminates with the error:

"no crypto map for remote peer <remote peer IP>"

With a traditional VPN connection from the hub VPN router the IPSec tunnel comes up without a problem but as soon as we convert
to IPSec VTI's the IPSec tunnel can no longer be set up. Initial diagnostics seem to point to the fact that because the IPSec policy of the hub VPN router
VTI's no longer uses crypto ACL's that the remote peer no longer accepts the transform-proposal from the hub due to this.

Are VTI's compatible with traditional crypto VPN's and if so does anybody have any reference documentation on them. I have read much of the Cisco docs on VTI's etc but still do not have a clear idea on this compatability of these technologies.

Many thanks in advance


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)


This Discussion