I am currently trying to configure a local hub VPN router (Cisco 2821) with IPSec VTI's which in turn will connect to remote
partner offices. The remote sites have traditional VPN's configurations configured using standard crypto maps. Phase 1 IKE completes succesfully
but phase 2 terminates with the error:
"no crypto map for remote peer <remote peer IP>"
With a traditional VPN from the hub VPN router this IPSec tunel comes up without a problem but as soon as we want to convert
to IPSec VTI's the IPSec tunnel can no longer be set up. Initial diagnostics seem to point to the fact that because the IPSec policy of the hub VPN router
VTI's no longer uses crypto ACL's that the remote peer no longer accepts the transform-proposal from the hub.
Are VTI's compatible with traditional crypto VPN's and if so does anybody have any reference documentation on them. I have read much of the Cisco docs on VTI's etc
but still do not have a clear idea on this compatability of these technologies.
Many thanks in advance