With VTI's you still need to configure the isakmp policies, and instead of crypto-maps, you still need to configure the ipsec profiles and apply it to the VTI.
With traditional IPSec you aren't allowed to transmit multicast traffic over the IPSec VPN (routing protocol or any other user multicast traffic).
The solution was to create a GRE over IPSec configuration and routing protocols were able to establish neighbor relationship on the tunnel interfaces.
The drawback of this is a little more complex configuration and the tunnel header overhead added by the GRE tunnel, which increased the resulting packet size that could sometimes create mtu problems along the path of the traffic.
VTI still has the encryption overhead, but it is natively able to trasmit multicast packets, so you don't have to add an additional header, which also simplifies configuration.
Loopbacks are used as a source interface because loopback interfaces never go down.
So if you lose a connection to a router but you have an alternative route to it, then the IPSec tunnel can stay up.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...