Site-to-site VPNs using IPsec can be implemented with the crypto maps or, when routed interface is needed, by GRE-tunnels. Virtual Tunnel Interfaces (VTIs) are a relatively late addition to Cisco IOS and eliminates the need for additional GRE overhead, while still providing the logical interface. Boštjan Šustar, in his third article about IPsec implementation in Cisco IOS, explains two implementation options of VTI – static and dynamic VTIs. While the first option is similar to point-to-point GREs, the dynamic option is an example of a typical remote-access implementation tool. In large site-to-site deployments the dynamic VTIs simplify management and ensure that the tunnels are always up, thus making this a site-to-site and not really a remote-access VPN.

Read more in the attached document

‹ back