MicroNugget: How to Build IPsec Site-to-Site Tunnels Using VTIs


In this video, Keith Barker covers how to build and verify an IPsec site-to-site tunnel using virtual tunnel interfaces. He'll walk through all of the elements you need to set up the tunnel, beginning with the theory behind it and then demonstrating a step-by-step configuration.

Setting up an IPsec Virtual Tunnel Interface (VTI) requires a few different elements. First, you'll need an IKE Phase 1 policy that is compatible with both routers. You'll also need a transform set for IPsec Phase 2, as well as an IPsec profile that you can apply to the tunnel interface. Setting up the tunnel interface itself requires going through a few different options, such as deciding whether you want to assign a logical IP address or leave the interface unnumbered. The process continues with specifying a source and a destination and then applying the IPsec profile that you created. Keith will give a brief overview of why these are needed and then demonstrate how to implement each piece of the puzzle.
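The elements listed above, written out as Cisco IOS configuration for one router. This is an added example, not the configuration shown in the video or provided by CBT Nuggets; the addresses, interface name, object names and key are constructed placeholders, and the algorithm choices are assumptions.

```cisco
! R1 (constructed addressing: R1 outside 192.0.2.1, R2 outside 198.51.100.1)
! IKE Phase 1 policy: every parameter must match a policy on the peer
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
 lifetime 86400
!
! "authentication pre-share" needs a key defined for the peer,
! otherwise Phase 1 cannot complete (placeholder key, replace it)
crypto isakmp key EXAMPLE-PSK-REPLACE-ME address 198.51.100.1
!
! Phase 2 transform set and the IPsec profile that references it
crypto ipsec transform-set TS-VTI esp-aes 256 esp-sha256-hmac
 mode tunnel
crypto ipsec profile VTI-PROFILE
 set transform-set TS-VTI
!
! The VTI itself: no crypto map and no crypto ACL; whatever routing
! sends into Tunnel0 is encrypted
interface Tunnel0
 ! numbered here; the alternative is "ip unnumbered <interface>"
 ip address 10.255.0.1 255.255.255.252
 tunnel source GigabitEthernet0/0
 tunnel destination 198.51.100.1
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile VTI-PROFILE
!
! R2 mirrors this with: key address 192.0.2.1, ip address 10.255.0.2,
! tunnel destination 192.0.2.1
!
! Verification from exec mode:
!  show crypto isakmp sa     (expect state QM_IDLE)
!  show crypto ipsec sa      (encaps/decaps counters should increase)
!  show interface Tunnel0    (line protocol stays down until the IPsec SAs are up)
```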


Comments

Hi Keith, thanks for the short and quick video. I am a big fan of yours. I think you missed showing the pre-shared key configuration in this video? I found it in a Cisco document. My tunnel only came up when I configured a pre-shared key.

RajivKumar-eexv

Hello Keith, I have a Cisco 2821 router with 5 sites it needs to be connected to with site-to-site IPsec. I have configured the tunnels exactly like you did in the video, but they are very intermittent. The tunnels go up and down at random intervals. I remember when I used crypto maps I couldn't make one crypto map and set all 5 peers under that one, but instead I would have to create sub crypto maps with one peer each and that would work fine. Could this be an issue related to all 5 tunnels having the same source?

thehelipilot

Hello Keith... by using this method and not using the crypto maps, no need for an access-list to encrypt traffic?

cristobalvallejosv

You specified the authentication method as pre-shared key in the IKE policy, but I didn't see a pre-shared key being defined. Is it the same syntax as for other IPsec tunnels, i.e. "crypto isakmp key"?

cyazares

This is weird, my tunnel interfaces won't go up/up. Protocol is always down. I don't get it.

SoulJah

Hello Keith,
I noticed you didn't advertise the 15.0.0.0 or 35.0.0.0 networks in EIGRP. Was that intentional or not?

Thanks for another great video.

ciskskid

Hi, where can I find the full series?

phoonjzc

Hello Keith, I couldn't understand the advantage of this... I guess the same can be achieved by IPsec over GRE or GRE over IPsec. Is there any specific advantage?

Regards,
VB

rvijaybhargav