ASA tunnel internet over VPN
ASA tunnel internet over VPN In some circumstances organisations require routing internet traffic over an IPSec VPN back to the Data Centre and then access the internet from the Data…
Securing IOS-XE VPNs
Securing IOS-XE VPNs This post provides some guidelines in securing an IPSec VPN on a Cisco IOS-XE router to reduce the attack surface when acting as a VPN gateway. Disable…
IOS-XE FlexVPN Remote Access VPN
In this example FlexVPN Remote Access VPN users will authenticate to the Hub router using RSA certificates. Using the IKEv2 Name Mangler feature, the organisation-unit (OU) value will be extracted…
IOS-XE FlexVPN Client Profile
The FlexVPN client profile is an optional component used on the spoke (client) routers, which consists of settings used to connect to the FlexVPN server (hub) gateway, including the following:…
IOS-XE FlexVPN IKEv2 Routing
On Cisco IOS-XE routers, FlexVPN supports the use of Dynamic Routing protocols such as EIGRP, BGP and OSPF. FlexVPN also has the ability to advertise routes in the IKEv2 Security…
IOS-XE FlexVPN Dynamic VTI
In a FlexVPN Hub and Spoke design, spoke routers are configured with a normal Static Virtual Tunnel Interface (VTI) with the tunnel destination of the Hub’s IP address, the Hub…