Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

ASA and VTI configuration

Unanswered Question
Aug 7th, 2014
User Badges:
  • Bronze, 100 points or more

Good morning experts,


My experience with ASAs over the last few years has been limited so I am not up on all of the newer features that they offer. I know in the past that ASAs did not support any type of tunnel interfaces and thus did not support a VTI configuration like you can do on an IOS router.


My problem is that I need to build a VPN tunnel between a few ASAs and a Juniper netscreen which many networks on each side that can not easily be summarized. Being able to build a route based VPN on the ASA would be very helpful as the crypto map could essentially be all zeros. Without this configuration, crypto IDs on both sides are going to get very complication very quickly.


I can't seem to find any info on VTI configuration for the ASA which leads me to believe it doesn't exist. However a guy I work with that uses ASAs daily firmly believes that after version 8.4 this configuration is supported.


Can anyone confirm please?



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
walleed222 Wed, 09/17/2014 - 23:07
User Badges:

Dear Karthik ,

I do not think the posted link contain what is elton looking for , actually I have few juniper firewalls and looking to replace them with ASA's but the problem is ASA did not support tow of our main requirements which is Route Based VPN through VTI , and GRE tunneling 

I do not why Cisco did not support those features on ASA till now (as per my knowledge) most of firewall vendors support that 

Ivanleonel Thu, 05/19/2016 - 06:00
User Badges:

Sorry for necroposting, howewer I'm curious is ASA still doesn't support VTI ipsec?

Probably times changed? 

Michael Muenz Thu, 05/26/2016 - 06:08
User Badges:
  • Silver, 250 points or more
  • Community Spotlight Award,

    Best Publication, April 2016

Nope ...

walleed222 Wed, 09/14/2016 - 22:49
User Badges:

yes still not supporting but the good thing they have PBR (policy based routing) now , we are still looking for VTI Ipsec and GRE support 


This Discussion