Securing IOS-XE VPNs
Securing IOS-XE VPNs This post provides some guidelines in securing an IPSec VPN on a Cisco IOS-XE router to reduce the attack surface when acting as a VPN gateway. Disable…
IOS-XE FlexVPN Remote Access VPN
In this example FlexVPN Remote Access VPN users will authenticate to the Hub router using RSA certificates. Using the IKEv2 Name Mangler feature, the organisation-unit (OU) value will be extracted…
IOS-XE FlexVPN Client Profile
The FlexVPN client profile is an optional component used on the spoke (client) routers, which consists of settings used to connect to the FlexVPN server (hub) gateway, including the following:…
IOS-XE FlexVPN IKEv2 Routing
On Cisco IOS-XE routers, FlexVPN supports the use of Dynamic Routing protocols such as EIGRP, BGP and OSPF. FlexVPN also has the ability to advertise routes in the IKEv2 Security…
IOS-XE FlexVPN Dynamic VTI
In a FlexVPN Hub and Spoke design, spoke routers are configured with a normal Static Virtual Tunnel Interface (VTI) with the tunnel destination of the Hub’s IP address, the Hub…
IOS-XE FlexVPN Static VTI
Cisco IOS-XE routers support various types of secure IPSec VPN's including Static Virtual Tunnel Interfaces (SVTI), which is a route based VPN commonly referred to as FlexVPN. With a FlexVPN…