GroupStudy.com GroupStudy.com - A virtual community of network engineers
 Home  BookStore  StudyNotes  Links  Archives  StudyRooms  HelpWanted  Discounts  Login
Re: VTI VPN Interfaces - Experience [7:100609] posted 06/27/2005
[Chronological Index] [Thread Index] [Top] [Date Prev][Date Next] [Thread Prev][Thread Next]


Hi Richard. Are you making an assumption? Where does it state that? It
should not be the equivitlent. The packet size is much much smaller. Now
that GRE is not in the game.

Just wondering, im looking to get as much info as possible.

On 6/27/05, Richard Dumoulin  wrote:
>
> This is not transport but tunnel mode and it is equivalent to GRE + IPSec
> transport mode
>
> -- Richard
>
> -----Original Message-----
> From: Richard Tufaro
[mailto:richard.tufaro@xxxxxxxxx]
>
> Sent: Monday, June 27, 2005 3:30 PM
> To: cisco@xxxxxxxxxxxxxx
> Subject: Re: VTI VPN Interfaces - Experience [7:100609]
>
> Good points. But VTI's do have there place. Straight IPsec transport mode
> supporting Multicast without GRE. I like....why use GRE and have the
> overhead and fragmentation issues when you don't need too. Also the
> flexibility encryption and fragmentation flexibilities of VTI's are nice
> (peel off things not to be encrypted).
>
>
>
http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/products_feature_guide
> 09186a008041faef.html
>
> P.S. Dont be a dork.
>
> On 6/26/05, Joseph Rubino wrote:
> >
> > One of the main points of DMVPN is that it is very simple to deploy in
> > contrast to traditional IPSec VPN configuration. We have rolled out
> > something close to 600 DMVPN spokes and I am not sure what you mean by
> > complexity.
> >
> > The point of GRE is that you can send almost anything down the tunnel
> > where
> > IPSec VPN is IP only.
> >
> > Question; in the link provided in the beginning of this post and example
> > config is show with tu0 configured. What encapsulation does tu0 provide?
> >
> > Richard Tufaro wrote:
> > >
> > > no need for GRE. If you don't need the dynamic nature and
> > > complexity of
> > > DMVPN. VTI is a good alternative. And what i like about it is,
> > > you are
> > > losing the overhead of GRE. Which could account for a nice
> > > chunk of used
> > > bandwidth.
> > >
> > > On 6/26/05, Joseph Rubino wrote:
> > > >
> > > > VTI does not offer any advantage over DMVPN. I would look
> > > into DMVPN as
> > > > your solution.Baron Von Dew wrote:
> > > > >
> > > > > Hello all, has anyone had any experiance with VPN VTI
> > > > > interfaces? We
> > > > > are looking to move forward with a WAN design that would use
> > > > > them
> > > > > extensivly thoughout the WAN.
> > > > >
> > > > >
> > > >
> > > >
> > >
> >
> >
>
>
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_white_paper0900aecd8
> > > 029d629.shtml
> > > > >
> > > > > Thanks.
> **********************************************************************
> Any opinions expressed in the email are those of the individual and not
> necessarily the company. This email and any files transmitted with it are
> confidential and solely for the use of the intended recipient. If you are
> not the intended recipient or the person responsible for delivering it to
> the intended recipient, be advised that you have received this email in
> error and that any dissemination, distribution, copying or use is strictly
> prohibited.
>
> If you have received this email in error, or if you are concerned with the
> content of this email please e-mail to: e-security.support@xxxxxxxxxx
>
> The contents of an attachment to this e-mail may contain software viruses
> which could damage your own computer system. While the sender has taken
> every reasonable precaution to minimise this risk, we cannot accept
> liability for any damage which you sustain as a result of software viruses.
> You should carry out your own virus checks before opening any attachments
to
> this e-mail.
> **********************************************************************




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=100694&t=100609
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html