Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Dynamic & Static VTI

I connect 2 routers with static vti. I have also configured a dynamic vti on each router in order to allow some users to connect from their PCs remotely. The static vti is working fine. When a remote user try to connect with vpn client to the network the tunnel that connects the two routers is disconnected.

Is it possible to have static and dynamic vti on the same router?

I am attaching the CLI configuration of one of the routers. The second router has similar configuration.

Cisco Employee

Re: Dynamic & Static VTI

try this:

crypto isakmp profile IKE-PROFILE-2

match identity address n.n.n.n (address of the peer)

crypto ipsec profile PROF1

set transform-set ESP-AES-SHA

set isakmp profile IKE-PROFILE-1

crypto ipsec profile PROF2

set transform-set ESP-AES-SHA

set isakmp profile IKE-PROFILE-2

interface Tunnel0

tunnel protection ipsec profile PROF2

If there is still a problem, then get :

debug crypto isakmp

debug crypto ipsec

debug crypto socket

debug tunnel protection

Start the debugs before the problem occurs.