ASA and VTI configuration

Elton Babcock · ‎08-07-2014

Good morning experts,

My experience with ASAs over the last few years has been limited so I am not up on all of the newer features that they offer. I know in the past that ASAs did not support any type of tunnel interfaces and thus did not support a VTI configuration like you can do on an IOS router.

My problem is that I need to build a VPN tunnel between a few ASAs and a Juniper netscreen which many networks on each side that can not easily be summarized. Being able to build a route based VPN on the ASA would be very helpful as the crypto map could essentially be all zeros. Without this configuration, crypto IDs on both sides are going to get very complication very quickly.

I can't seem to find any info on VTI configuration for the ASA which leads me to believe it doesn't exist. However a guy I work with that uses ASAs daily firmly believes that after version 8.4 this configuration is supported.

Can anyone confirm please?

Elton

nkarthikeyan · ‎08-08-2014

Hi Elton,

Hope you are looking for this information...

http://www.cisco.com/c/en/us/support/docs/security/flexvpn/116008-flexvpn-nge-config-00.html

Regards

Karthik

walleed222 · ‎09-17-2014

Dear Karthik ,

I do not think the posted link contain what is elton looking for , actually I have few juniper firewalls and looking to replace them with ASA's but the problem is ASA did not support tow of our main requirements which is Route Based VPN through VTI , and GRE tunneling

I do not why Cisco did not support those features on ASA till now (as per my knowledge) most of firewall vendors support that

Ivanleonel · ‎05-19-2016

Sorry for necroposting, howewer I'm curious is ASA still doesn't support VTI ipsec?

Probably times changed?

Michael Muenz · ‎05-26-2016

Nope ...

Michael Please rate all helpful posts

walleed222 · ‎09-14-2016

yes still not supporting but the good thing they have PBR (policy based routing) now , we are still looking for VTI Ipsec and GRE support