Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Can static crypto maps Co-exist with Tunnel (DTI/VTI) interfaces ?

Hi,

I have a Cisco 2811, with L2L vpns and vpn clients configured using static / dynamic crypto maps

These maps are then applied to the Dialer0 interface, and everything works fine !!

Now, I am trying to add a new VPN connection to Amazon VPC, using generated configs.

This config, uses what I belive is the newer method of using Tunnel interfaces.

However, when I add the new config, the ISAKMP fails after entering main mode exchange.

My questions is : Can the two configs methods (crypto maps and Tunnel ) co-exist ??

A doc I found entitled "IpSec Vitrual Tunnel Interfaces" says :-

"IKE SA is bound to the VTI. Because IKE SA is bound to the VTI, the same IKE SA cannot be used for a crypto map".

Not sure what "same sa" means.

Thanks

340
Views
0
Helpful
0
Replies
CreatePlease to create content