Which three statements about IPsec VTIs are true? (Choose three.)
A. IPsec sessions require static mapping to a physical interface.
B. They can send and receive multicast traffic.
C. They can send and receive traffic over multiple paths.
D. They support IP routing and ACLs.
E. They can send and receive unicast traffic.
F. They support stateful failover.
B C E
The IPsec VTI allows for the flexibility of sending and receiving both IP unicast and multicast encrypted traffic on any physical interface, such as in the case of multiple paths. Traffic is encrypted or decrypted when it is forwarded from or to the tunnel interface and is managed by the IP routing table. Using IP routing to forward the traffic to the tunnel interface simplifies the IPsec VPN configuration compared to the more complex process of using access control lists (ACLs) with the crypto map in native IPsec configurations. DVTIs function like any other real interface so that you can apply quality of service (QoS), firewall, and other security services as soon as the tunnel is active.