IOS-XE VPN PSK authentication using IKE ID
When using pre-shared key (PSK) authentication on a Site-to-Site VPN using Cisco IOS-XE routers, the IP address of the egress interface is used to match the PSK and authenticate the…
Securing IOS-XE VPNs
Securing IOS-XE VPNs This post provides some guidelines in securing an IPSec VPN on a Cisco IOS-XE router to reduce the attack surface when acting as a VPN gateway. Disable…
IOS-XE FlexVPN Remote Access VPN
In this example FlexVPN Remote Access VPN users will authenticate to the Hub router using RSA certificates. Using the IKEv2 Name Mangler feature, the organisation-unit (OU) value will be extracted…
IOS-XE FlexVPN Client Profile
The FlexVPN client profile is an optional component used on the spoke (client) routers, which consists of settings used to connect to the FlexVPN server (hub) gateway, including the following:…
IOS-XE FlexVPN IKEv2 Routing
On Cisco IOS-XE routers, FlexVPN supports the use of Dynamic Routing protocols such as EIGRP, BGP and OSPF. FlexVPN also has the ability to advertise routes in the IKEv2 Security…
IOS-XE FlexVPN Dynamic VTI
In a FlexVPN Hub and Spoke design, spoke routers are configured with a normal Static Virtual Tunnel Interface (VTI) with the tunnel destination of the Hub’s IP address, the Hub…