Site to Site VPN SVTI vs GRE Configuration

Get 30% off with: You can use promo code: OSCAROGANDO2 Follow Me on Twitter:


Starting in version 12.3T (which is some time ago), Cisco started offering an alternative for configuring IOS based VPN’s. This method is called SVTI, or static virtual tunnel interfaces. SVTI is one category of VTI that is basically a configuration alternative for Lan to Lan VPNs. There is also a variant called DVTI, or dynamic virtual tunnel interface, that is a alternative for remote access VPNs. From the perspective of the wire, SVTI based VPN packets look similar to traditional “crypto-map” based VPN traffic. However, the configuration is based on a virtual interface as opposed to using crypto map based configuration. This virtual interface gives some distinct advantages. Additionally, the use of this configuration modifies the phase 2 sa’s to match all traffic. Any traffic steered through this virtual interface is encrypted based on an encryption profile.Before we get into the specific advantages, let’s first look at a VTI configuration example. I created a very simple example in GNS3 that demonstrates the syntax of the configuration.


IP Security (IPSec) Virtual Private Networks (VPNs) and Generic Routing Encapsulation (GRE) tunnels are both methods for transferring data across public, intermediary networks, such as the Internet. However, there are considerable differences between the two technologies. Let’s start with a brief overview.

Share the Post:

Related Posts

Help Us By Donating