Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

IPSec Profiles vs IPSec Virtual Tunnel Interface (VTI)

I am about to deploy a solution where I will have lots of remote branches which will have dynamic and static ISPs. They will all connect to the Head Quarters office (HQ).

In my testings, I already have 3 clients and I am doing a lot of config statements and I can predict that as I add more clients, the config will become unmanagable.

I am currently using static crypto maps. I am also using GRE inside IPSec.

I've been reading about IPSec Profiles and IPSec VTIs. They look like they might save me lots of code while my environment grows so I want to know what do you think?

Which of the 2 approaches will be better and more scalable?

1 REPLY
Silver

Re: IPSec Profiles vs IPSec Virtual Tunnel Interface (VTI)

IPSEC profiles with VTIs greatly improve scalability and flexibility in the creation of secure access between WAN sites.

Here is a URL that provides all the details of how to set them up, just in case you haven't already seen this.

http://www.cisco.com/en/US/docs/ios/sec_secure_connectivity/configuration/guide/sec_ipsec_virt_tunnl_ps6350_TSD_Products_Configuration_Guide_Chapter.html

143
Views
0
Helpful
1
Replies
CreatePlease to create content