PA support SVTI

Reply

PA support SVTI

Hi @reaper 

 

Do palo alto support SVTI like Cisco.


SVTI configurations can be used for site-to-site connectivity in which a tunnel provides always-on access between two sites. The advantage of using SVTIs as opposed to crypto map configurations is that users can enable dynamic routing protocols on the tunnel interface without the extra 4 bytes required for GRE headers, thus reducing the bandwidth for sending encrypted data.

 

https://networklessons.com/cisco/ccie-routing-switching-written/ipsec-static-virtual-tunnel-interfac...

 

Regards

Venky

 

 

Community Manager

Re: PA support SVTI

Hi @Venkatesan_radhakrishnan 

 

What you describe is the transition for Cisco from GRE based tunnels to IPSec based tunnels (this happened somewhere around 2004)

Our default VPN is IPSec based and uses virtual tunnel interfaces

 

In PAN-OS 9.0 we added GRE support to be backward compatible to pre-ipsec devices ;)


Help the community: Like helpful comments and mark solutions
Reaper out
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!