Local IPSec VTI compatability with remote Crypto IPSec
I am currently trying to configure a local hub VPN router (Cisco 2821) with IPSec VTI's which in turn will connect to remote partner offices. The remote sites have traditional VPN's configurations configured using standard crypto maps. Phase 1 IKE completes succesfully but phase 2 terminates with the error:
"no crypto map for remote peer <remote peer IP>"
With a traditional VPN connection from the hub VPN router the IPSec tunnel comes up without a problem but as soon as we convert to IPSec VTI's the IPSec tunnel can no longer be set up. Initial diagnostics seem to point to the fact that because the IPSec policy of the hub VPN router VTI's no longer uses crypto ACL's that the remote peer no longer accepts the transform-proposal from the hub due to this.
Are VTI's compatible with traditional crypto VPN's and if so does anybody have any reference documentation on them. I have read much of the Cisco docs on VTI's etc but still do not have a clear idea on this compatability of these technologies.
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...