VPN DVTI tunnel source
When configuring VPNs using a Dynamic Virtual Tunnel Interface (DVTI), it is unnecessary to use the tunnel source
command. When creating a static VTI, you must bind that VTI to a physical interface. However, when creating a dynamic VTI, you create a virtual template that is not associated with any physical interface. Whenever a new IPSec session is needed, the router automatically creates a virtual access interface that is cloned from the virtual template. This can occur on any of the router’s interfaces, so there is no single interface that is the tunnel’s source.
Links
https://forum.networklessons.com/t/flexvpn-hub-and-spoke/13362/14?u=lagapides
https://networklessons.com/cisco/ccie-routing-switching-written/ipsec-vti-virtual-tunnel-interface
https://networklessons.com/cisco/ccie-enterprise-infrastructure/flexvpn-hub-and-spoke