Configuring IPSec tunnels can be an administrative nightmare if you have a lot of remote peers. In hub and spoke topologies, we can use VTIs (Virtual Tunnel Interface) to simplify our configuration. With DVTI, we use a single virtual template on our hub router. Whenever a new IPSec session is needed, the router automatically creates a virtual access interface that is cloned from the virtual template. The virtual template can include pretty much everything you would use on a regular interface. You can add access-lists, policy-maps for QoS, etc. These are all copied to the virtual access interfaces. This makes it really easy to create lots of IPSec sessions with remote peers.

On the spoke routers, we only have an IPSec session with the hub so we use static VTIs with a normal tunnel interface. In this lesson, I’ll show you how to configure DVTI on a hub and static VTIs on the spokes. I am using a different pre-shared key for each peer. This works well when each spoke router has a static public IP address.
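The hub and spoke arrangement described above, as an added Cisco IOS (IKEv1) sketch that is not the author's own configuration: one virtual template on the hub, a keyring with a separate pre-shared key per spoke address, and a static VTI on the spoke. All addresses (documentation ranges), interface names, object names, crypto parameters and the key placeholders are assumptions.

```cisco
! ===== HUB (constructed: hub 192.0.2.1, spokes 198.51.100.2 and 203.0.113.2) =====
crypto keyring SPOKES
 pre-shared-key address 198.51.100.2 key <PSK-SPOKE1-PLACEHOLDER>
 pre-shared-key address 203.0.113.2 key <PSK-SPOKE2-PLACEHOLDER>
!
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
!
! Only the listed peer addresses match; each one is tied to its own key above.
crypto isakmp profile DVTI
 keyring SPOKES
 match identity address 198.51.100.2 255.255.255.255
 match identity address 203.0.113.2 255.255.255.255
 virtual-template 1
!
crypto ipsec transform-set TS esp-aes 256 esp-sha256-hmac
 mode tunnel
!
crypto ipsec profile IPSEC_PROFILE
 set transform-set TS
 set isakmp-profile DVTI
!
interface Loopback0
 ip address 10.255.0.1 255.255.255.255
!
! Template only: a Virtual-Access interface is cloned from it per spoke session,
! so any ACL or QoS policy applied here is copied to every spoke tunnel.
interface Virtual-Template1 type tunnel
 ip unnumbered Loopback0
 tunnel source GigabitEthernet0/0
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile IPSEC_PROFILE
!
! ===== SPOKE 1 (repeat isakmp policy 10 and transform-set TS from the hub) =====
crypto isakmp key <PSK-SPOKE1-PLACEHOLDER> address 192.0.2.1
!
crypto ipsec profile IPSEC_PROFILE
 set transform-set TS
!
interface Tunnel0
 ip unnumbered Loopback0
 tunnel source GigabitEthernet0/0
 tunnel destination 192.0.2.1
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile IPSEC_PROFILE
```

Once a spoke connects, `show crypto session` and `show ip interface brief` on the hub should list the session and the cloned Virtual-Access interface.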