IOS-XE Network Address Translation
This post discusses the configuration of Network Address Translation (NAT) on Cisco IOS/IOS-XE routers. Overview Network Address Translation (NAT) provides the ability to translate an IP address to another IP…
IOS-XE Configuration Archive
Cisco IOS-XE devices have a configuration archive functionality to store and manage configuration files, with a rollback capability. Configurations can be automatically backed up locally or to a remote server…
IOS-XE FlexVPN L2TPv3
Cisco routers can extend Layer 2 networks securely over a FlexVPN IPSec VPN tunnel, which allows for physically separate devices to be on same local LAN/network. This post describes the…
IOS-XE VPN PSK authentication using IKE ID
When using pre-shared key (PSK) authentication on a Site-to-Site VPN using Cisco IOS-XE routers, the IP address of the egress interface is used to match the PSK and authenticate the…
Securing IOS-XE VPNs
Securing IOS-XE VPNs This post provides some guidelines in securing an IPSec VPN on a Cisco IOS-XE router to reduce the attack surface when acting as a VPN gateway. Disable…
IOS-XE FlexVPN Remote Access VPN
In this example FlexVPN Remote Access VPN users will authenticate to the Hub router using RSA certificates. Using the IKEv2 Name Mangler feature, the organisation-unit (OU) value will be extracted…