View Cart
0 Items | Total: US$0.00
Welcome,      Register

You are here

SEC0020 - Router EZVPN with Dynamic Virtual Tunnel Interface (DVTI)

Rating: 
0
No votes yet
Difficulty Level: 
3
Lab Document: 
<Please login to see the content>

The video desmonstrates the configuration of Easy VPN (EZVPN) using Dynamic Virtual Tunnel Interface (DVTI) on Cisco routers and explains its benefit over the conventional EZVPN with 'crypto map' or tunnel interface with GRE. Here we introduce the concept of Virtual-Template. The second half of the video shows example of additional features that you can implement with VTI using QoS and multicasting. 

Note:
  • DVTI can pass both unicast and multicast traffic
  • DVTI supports additional features that tie to interfaces, (eg. QoS, Firewall, NAT etc.)
  • DVTI essentially replaces dynamic crypto map
  • 24-byte of GRE header is saved as traffic is encapsulated in raw IPSec
  • What traffic will be carried over the IPSec tunnel is determined by routing instead of ACL matching.
  • Regardless of number of subnets passing over the tunnel, only one Security Association is created
Topic includes
  • DVTI with EZVPN
  • Interface Virtual-Template
  • QoS on DVTI
  • Multicast on DVIT

About Author

Metha Chiewanichakorn, CCIE#23585 (Ent. Infra, Sec, SP), is a Cisco networking enthusiast with years of experience in the industry. He is currently working as a consulting engineer for a Cisco partner. As a founder of and an instructor at labminutes.com, Metha enjoys learning and challenges himself with new technologies.