IPsec Virtual Tunnel Interface

I have recently been pointed in the direction of using an IPsec VTI to
route my traffic from site-to-site securely. I am very impressed by
the way it works, and want to implement this as soon as possible. The
one question I have is...Do I setup te IPsec VTI to transmit data over
my currently setup site-to-site VPN, or does it replace this VPN
connection?

Thanks for the help!

Robert Jacobs wrote:

> I have recently been pointed in the direction of using an IPsec VTI to
> route my traffic from site-to-site securely. I am very impressed by
> the way it works, and want to implement this as soon as possible. The
> one question I have is...Do I setup te IPsec VTI to transmit data over
> my currently setup site-to-site VPN, or does it replace this VPN
> connection?
>
> Thanks for the help!

In my limited understanding IPSec is a scheme to enable a point to point
encryption "tunnel" allowing traffic to pass securely/undecipherable.

Commonly it would be used to create such a "tunnel" from one end point
device (i.e.: a router) to another end point device (i.e.: another router)
enabling all traffic running over that tunnel to do so securely.

If you already have an IPSec VPN tunnel in place, why would you need to
create another? How I use these IPSec tunnels from router to router is to
establish a secure link from site A to site B and all network traffice from
site A that passes to site B and vice vera does so securely.

Hope this helps.


bobmct

"bobmct" <(E-Mail Removed)> wrote in message
news:QNSTh.1$(E-Mail Removed)...
> Robert Jacobs wrote:
>
>> I have recently been pointed in the direction of using an IPsec VTI
>> to
>> route my traffic from site-to-site securely. I am very impressed by
>> the way it works, and want to implement this as soon as possible.
>> The
>> one question I have is...Do I setup te IPsec VTI to transmit data
>> over
>> my currently setup site-to-site VPN, or does it replace this VPN
>> connection?
>>
>> Thanks for the help!
>
> In my limited understanding IPSec is a scheme to enable a point to
> point
> encryption "tunnel" allowing traffic to pass securely/undecipherable.
>
> Commonly it would be used to create such a "tunnel" from one end point
> device (i.e.: a router) to another end point device (i.e.: another
> router)
> enabling all traffic running over that tunnel to do so securely.
>
> If you already have an IPSec VPN tunnel in place, why would you need
> to
> create another? How I use these IPSec tunnels from router to router
> is to
> establish a secure link from site A to site B and all network traffice
> from
> site A that passes to site B and vice vera does so securely.
>
> Hope this helps.
>
>
> bobmct


Why not just encrypt the traffic?

--
Travis in Shoreline Washington

On Apr 13, 4:42 pm, bobmct <b...@worthless.info> wrote:
> Robert Jacobs wrote:
> > I have recently been pointed in the direction of using an IPsec VTI to
> > route my traffic from site-to-site securely. I am very impressed by
> > the way it works, and want to implement this as soon as possible. The
> > one question I have is...Do I setup te IPsec VTI to transmit data over
> > my currently setup site-to-site VPN, or does it replace this VPN
> > connection?
>
> > Thanks for the help!
>
> In my limited understanding IPSec is a scheme to enable a point to point
> encryption "tunnel" allowing traffic to pass securely/undecipherable.
>
> Commonly it would be used to create such a "tunnel" from one end point
> device (i.e.: a router) to another end point device (i.e.: another router)
> enabling all traffic running over that tunnel to do so securely.
>
> If you already have an IPSec VPN tunnel in place, why would you need to
> create another? How I use these IPSec tunnels from router to router is to
> establish a secure link from site A to site B and all network traffice from
> site A that passes to site B and vice vera does so securely.
>
> Hope this helps.
>
> bobmct

Thank you for the reply, and sorry for the delay in response. The
purpose of using VTIs is to enable a dynamic routing protocol and to
change the route priority by setting metrics for specific routes. The
problems I have been running into with the site-to-site VPN is that it
doesn't assign this connection an "interface", so I can't use any
eigrp metric modifiers. The site-to-site VPN IS a static route,
however, it doesn't show up in the routing configuration...it just
works somehow. I have been informed that this is normal and is the
case for site-to-site VPNs, and I have been told that using VTIs would
allow me to set up a dynamic routing protocol and set the priority of
routes using metrics. I am assuming now, after a couple of responses
here and there, that the VTIs DO actually take the place of the site-
to-site VPN. I will be working on this shortly (within a couple of
weeks), and will respond here if I run into anything unexpected, or to
elaborate on the situation if needed.

Robert