Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

IPSec Profiles vs IPSec Virtual Tunnel Interface (VTI)

I am about to deploy a solution where I will have lots of remote branches which will have dynamic and static ISPs. They will all connect to the Head Quarters office (HQ).

In my testings, I already have 3 clients and I am doing a lot of config statements and I can predict that as I add more clients, the config will become unmanagable.

I am currently using static crypto maps. I am also using GRE inside IPSec.

I've been reading about IPSec Profiles and IPSec VTIs. They look like they might save me lots of code while my environment grows so I want to know what do you think?

Which of the 2 approaches will be better and more scalable?


Re: IPSec Profiles vs IPSec Virtual Tunnel Interface (VTI)

IPSEC profiles with VTIs greatly improve scalability and flexibility in the creation of secure access between WAN sites.

Here is a URL that provides all the details of how to set them up, just in case you haven't already seen this.

CreatePlease to create content