IPsec Virtual Tunnel Interface - Routers

  1. IPsec Virtual Tunnel Interface

    I have recently been pointed in the direction of using an IPsec VTI to
    route my traffic from site-to-site securely. I am very impressed by
    the way it works, and want to implement this as soon as possible. The
    one question I have is...Do I set up the IPsec VTI to transmit data over
    my currently set up site-to-site VPN, or does it replace this VPN
    connection?

    Thanks for the help!


  2. Re: IPsec Virtual Tunnel Interface

    Robert Jacobs wrote:

    > I have recently been pointed in the direction of using an IPsec VTI to
    > route my traffic from site-to-site securely. I am very impressed by
    > the way it works, and want to implement this as soon as possible. The
    > one question I have is...Do I set up the IPsec VTI to transmit data over
    > my currently set up site-to-site VPN, or does it replace this VPN
    > connection?
    >
    > Thanks for the help!


    In my limited understanding IPSec is a scheme to enable a point to point
    encryption "tunnel" allowing traffic to pass securely/undecipherable.

    Commonly it would be used to create such a "tunnel" from one end point
    device (i.e.: a router) to another end point device (i.e.: another router)
    enabling all traffic running over that tunnel to do so securely.

    If you already have an IPSec VPN tunnel in place, why would you need to
    create another? How I use these IPSec tunnels from router to router is to
    establish a secure link from site A to site B and all network traffic from
    site A that passes to site B and vice versa does so securely.

    Hope this helps.


    bobmct

  3. Re: IPsec Virtual Tunnel Interface

    "bobmct" wrote in message
    news:QNSTh.1$y22.199@news.ntplx.net...
    > Robert Jacobs wrote:
    >
    >> I have recently been pointed in the direction of using an IPsec VTI to
    >> route my traffic from site-to-site securely. I am very impressed by
    >> the way it works, and want to implement this as soon as possible. The
    >> one question I have is...Do I set up the IPsec VTI to transmit data over
    >> my currently set up site-to-site VPN, or does it replace this VPN
    >> connection?
    >>
    >> Thanks for the help!
    >
    > In my limited understanding IPSec is a scheme to enable a point to point
    > encryption "tunnel" allowing traffic to pass securely/undecipherable.
    >
    > Commonly it would be used to create such a "tunnel" from one end point
    > device (i.e.: a router) to another end point device (i.e.: another router)
    > enabling all traffic running over that tunnel to do so securely.
    >
    > If you already have an IPSec VPN tunnel in place, why would you need to
    > create another? How I use these IPSec tunnels from router to router is to
    > establish a secure link from site A to site B and all network traffic from
    > site A that passes to site B and vice versa does so securely.
    >
    > Hope this helps.
    >
    > bobmct



    Why not just encrypt the traffic?

    --
    Travis in Shoreline Washington


  4. Re: IPsec Virtual Tunnel Interface

    On Apr 13, 4:42 pm, bobmct wrote:
    > Robert Jacobs wrote:
    > > I have recently been pointed in the direction of using an IPsec VTI to
    > > route my traffic from site-to-site securely. I am very impressed by
    > > the way it works, and want to implement this as soon as possible. The
    > > one question I have is...Do I set up the IPsec VTI to transmit data over
    > > my currently set up site-to-site VPN, or does it replace this VPN
    > > connection?
    > >
    > > Thanks for the help!
    >
    > In my limited understanding IPSec is a scheme to enable a point to point
    > encryption "tunnel" allowing traffic to pass securely/undecipherable.
    >
    > Commonly it would be used to create such a "tunnel" from one end point
    > device (i.e.: a router) to another end point device (i.e.: another router)
    > enabling all traffic running over that tunnel to do so securely.
    >
    > If you already have an IPSec VPN tunnel in place, why would you need to
    > create another? How I use these IPSec tunnels from router to router is to
    > establish a secure link from site A to site B and all network traffic from
    > site A that passes to site B and vice versa does so securely.
    >
    > Hope this helps.
    >
    > bobmct


    Thank you for the reply, and sorry for the delay in response. The
    purpose of using VTIs is to enable a dynamic routing protocol and to
    change the route priority by setting metrics for specific routes. The
    problem I have been running into with the site-to-site VPN is that it
    doesn't assign this connection an "interface", so I can't use any
    EIGRP metric modifiers. The site-to-site VPN IS a static route,
    however, it doesn't show up in the routing configuration...it just
    works somehow. I have been informed that this is normal and is the
    case for site-to-site VPNs, and I have been told that using VTIs would
    allow me to set up a dynamic routing protocol and set the priority of
    routes using metrics. I am assuming now, after a couple of responses
    here and there, that the VTIs DO actually take the place of the site-
    to-site VPN. I will be working on this shortly (within a couple of
    weeks), and will respond here if I run into anything unexpected, or to
    elaborate on the situation if needed.

    Robert
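
The setup described in the last post, as an added example that is not part of the original thread: a static IPsec VTI on Cisco IOS that replaces a crypto-map site-to-site VPN and gives EIGRP a tunnel interface to run over. The Cisco IOS platform, all interface names, addresses, the AS number, the profile names and the key placeholder are assumptions.

```cisco
! Added example; every name, address, AS number and key here is an assumption.
! Site A router. Site B public address: 203.0.113.2 (documentation range).
!
! Before: policy-based VPN. An ACL selects the traffic and the crypto map
! hangs off the WAN interface, so no tunnel interface exists for EIGRP.
!  crypto map S2S 10 ipsec-isakmp
!   set peer 203.0.113.2
!   set transform-set TS-AES256
!   match address VPN-TRAFFIC
!  interface GigabitEthernet0/0
!   crypto map S2S
! Remove the crypto map from the WAN interface on both routers before
! bringing up the VTI to the same peer.
!
! After: route-based VPN. IKE and IPsec parameters stay, but they are
! attached to a tunnel interface through an IPsec profile.
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
crypto isakmp key <PRE-SHARED-KEY> address 203.0.113.2
!
crypto ipsec transform-set TS-AES256 esp-aes 256 esp-sha256-hmac
 mode tunnel
crypto ipsec profile VTI-PROFILE
 set transform-set TS-AES256
!
interface Tunnel0
 description IPsec VTI to site B
 ip address 10.255.0.1 255.255.255.252
 tunnel source GigabitEthernet0/0
 tunnel destination 203.0.113.2
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile VTI-PROFILE
! Interface delay feeds the EIGRP metric: a higher value makes routes
! learned over this tunnel less preferred than an alternative path.
 delay 2000
!
! EIGRP forms an adjacency across Tunnel0 and advertises the site A LAN.
router eigrp 100
 network 10.255.0.0 0.0.0.3
 network 10.1.0.0 0.0.255.255
 no auto-summary
```

Site B mirrors this with the tunnel addresses and peer reversed; `show crypto ipsec sa` and `show ip eigrp neighbors` then confirm that the tunnel is encrypting and that the adjacency formed over Tunnel0.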

