HomeОбразованиеRelated VideosMore From: CBT Nuggets

MicroNugget: How to Build IPsec Site-to-Site Tunnels Using VTIs

61 ratings | 10074 views
Not a subscriber? Start your free week. https://cbt.gg/2CsnIRh CBT Nuggets trainer Keith Barker explains how to build and verify an IPSec site-to-site tunnel using virtual tunnel interfaces.
Html code for embedding videos on your blog
Text Comments (9)
D W (9 months ago)
You specified the authentication method as pre shared key in the IKE policy, but I didn't see a pre shared key being defined. Is is the same syntax for other IPSec tunnels, i.e. "crypto isakmp key"?
Marius Craiu (11 months ago)
Thank you!
Kuba (2 years ago)
Hello Keith, I have a Cisco 2821 router with 5 sites it needs to be connected to with site to site ipsec. I have configured the tunnels exactly like you did in the video but they are very intermittent. The tunnels go up and down at random intervals. I remember when I used crypto maps I couldn't make one crypto map and set all 5 peers under that one, but instead I would have to create sub crypto maps with one peer each and that would work fine. Could this be an issue related to all 5 tunnels have the same source?
vijay bhargav (4 years ago)
Hello Keith, I couldnt understand the advantage of this... I guess same can be achieved by IPSEC over GRE or GRE over IPSEC, Is there any specific advantage ? Regards, VB
Keith Barker (4 years ago)
 IPsec VTIs simplify configuration of IPsec.  They can dynamically create multiple logical IPsec sessions, on demand, all being spun off of the tunnel interface configuration.
Cristobal Vallejos (4 years ago)
hello Keith....by usig this method and not using the crypto maps...no need for access-list to encrypt traffic?
Robert McCormack (4 years ago)
Hello Keith, I noticed you didn't advertise the 15.0.0.0 or 35.0.0.0 networks in EIGRP, was that intentional or not. Thanks for another great video.
Markus Mix (1 month ago)
Only BGP is supported over VTI at least when regarding to ASA (https://www.cisco.com/c/en/us/td/docs/security/asa/asa97/configuration/vpn/asa-97-vpn-config/vpn-vti.html)
Keith Barker (4 years ago)
The 15 and 35 networks, (representing globally route-able addresses) would already be reachable on the internet, using default gateways that lead to the service providers.

Would you like to comment?

Join YouTube for a free account, or sign in if you are already a member.