Virtual Tunnel Interface (VTI)

Also known as: VTI

IPsec virtual tunnel interfaces are used in route-based VPNs to provide a routable interface for terminating IPsec tunnels. This contrasts with policy-based VPNs, which require explicit access-lists and crypto-maps to be configured. The VTIs on either side of the tunnel allow static routes to send traffic over the VPN tunnel, which makes it easier to fail over away from the VPN and route traffic elsewhere.

As an example, one side of the tunnel might have a VTI IP of 10.0.0.1/30 and the other 10.0.0.2/30 (they must be non-overlapping). Pinging 10.0.0.1 or 10.0.0.2 from either side tests connectivity over the tunnel. Static routes or dynamic routing protocols, such as BGP, can run over the tunnel.
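
The following configuration is an added example, not part of the original entry: one endpoint of a route-based VPN in Cisco IOS syntax (an assumed platform; the entry names no vendor), using the 10.0.0.1/30 VTI address from above. The peer address 203.0.113.2, the LAN prefixes, the backup next hop 198.51.100.1, the interface names and all object names are constructed placeholders.

```cisco
! --- IKE phase 1 (peer address and key are placeholders) ---
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
crypto isakmp key REPLACE-WITH-PSK address 203.0.113.2
!
! --- IPsec phase 2, attached to the tunnel via a profile ---
crypto ipsec transform-set VTI-TS esp-aes 256 esp-sha256-hmac
 mode tunnel
crypto ipsec profile VTI-PROFILE
 set transform-set VTI-TS
!
! --- The VTI itself: a routable interface that terminates the tunnel ---
interface Tunnel0
 ip address 10.0.0.1 255.255.255.252
 tunnel source GigabitEthernet0/0
 tunnel destination 203.0.113.2
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile VTI-PROFILE
!
! --- Routing decides what is encrypted: no access-list, no crypto-map ---
! Primary path to the remote LAN is the tunnel interface.
ip route 192.168.20.0 255.255.255.0 Tunnel0
! Floating static route (administrative distance 250): used only when the
! Tunnel0 route is withdrawn, so traffic is routed elsewhere.
ip route 192.168.20.0 255.255.255.0 198.51.100.1 250
!
! --- Connectivity test over the tunnel (far-end VTI address) ---
! ping 10.0.0.2 source Tunnel0
!
! --- Policy-based equivalent, shown commented out for contrast ---
! ip access-list extended VPN-TRAFFIC
!  permit ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255
! crypto map VPN-MAP 10 ipsec-isakmp
!  set peer 203.0.113.2
!  set transform-set VTI-TS
!  match address VPN-TRAFFIC
! interface GigabitEthernet0/0
!  crypto map VPN-MAP
```

The far end mirrors this with 10.0.0.2 on its tunnel interface and the source and destination addresses swapped. Check where the floating route leads before relying on it, because traffic that falls back to that path is no longer protected by this tunnel.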