Friday 22 September 2017

Cisco VTI Configuration

Virtual Tunnel Interface (VTI) is a Cisco technology that lets you build IPsec tunnels. It is easier than a site-to-site tunnel, which needs a lot of work and is very complex to troubleshoot.

Below are the configuration steps for setting up VTI on a Cisco router:

! Phase 1 (ISAKMP) policy
crypto isakmp policy 100
 encr 3des
 authentication pre-share
 group 1

! Phase 2 (IPsec) transform set
crypto ipsec transform-set VTI-TS esp-3des esp-md5-hmac

! IPsec profile that is applied to the tunnel interface
crypto ipsec profile VTI
 set transform-set VTI-TS

interface Tunnel0
 ip address 192.168.1.1 255.255.255.252
 tunnel source <Local ISP IP>
 tunnel destination <Remote ISP>
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile VTI

! Pre-shared key for the remote peer
crypto isakmp key Psk@PSK address <Remote ISP>


Remote Router

interface Tunnel0
 ip address 192.168.1.2 255.255.255.252
 tunnel source <Local ISP IP>
 tunnel destination <Remote ISP>
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile VTI

The rest of the configuration is the same on the remote router. Assign the local ISP interface IP and the remote ISP interface IP accordingly.

Once this is done, the two routers will be able to ping each other at 192.168.1.1 and 192.168.1.2. Then add any dynamic routing protocol for easy routing.
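
The transform set above uses 3DES with MD5, and the ISAKMP policy uses Diffie-Hellman group 1, all of which are weak by current standards. The following is an added example, not part of the original post, showing the same VTI setup with stronger parameters. It assumes an IOS release that supports AES-256, SHA-256 and DH group 14; the PFS line and the <pre-shared key> placeholder are assumptions.

```cisco
! Added example (not from the original post): same VTI, stronger crypto.
! Assumes an IOS release that accepts these keywords. Apply on both routers,
! because both peers must offer matching phase 1 and phase 2 proposals.

! Phase 1: AES-256, SHA-256 and DH group 14 replace the post's weaker
! cipher and "group 1" (the post leaves the hash at its default)
crypto isakmp policy 100
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14

! Phase 2: replaces "esp-3des esp-md5-hmac"
crypto ipsec transform-set VTI-TS esp-aes 256 esp-sha256-hmac

! PFS is an assumption, not in the original: it forces a fresh DH exchange
! when the IPsec SAs are rekeyed
crypto ipsec profile VTI
 set transform-set VTI-TS
 set pfs group14

! Tunnel interface is unchanged from the post
interface Tunnel0
 ip address 192.168.1.1 255.255.255.252
 tunnel source <Local ISP IP>
 tunnel destination <Remote ISP>
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile VTI

! Use a long random key, identical on both peers (placeholder shown)
crypto isakmp key <pre-shared key> address <Remote ISP>
```

After applying it on both routers, `show crypto isakmp sa` and `show crypto ipsec sa` show the negotiated state and the transform in use.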