FlexVPN Remote Access VPN using EAP Authentication via Cisco Identity Services Engine (ISE)


ISE, VPN
This is one of the many scenarios covered in the Lab technology guides section. We will set up an AnyConnect client connected to an IOS device using IKEv2, with EAP as the authentication method for the client. The responder (the IOS device) must use a certificate for authentication. We will perform user authentication using EAP. The AnyConnect client user will be configured on the RADIUS server (Cisco Identity Services Engine in this case), and authentication and authorization will be performed accordingly. We will use a Windows XP host with AnyConnect Secure Mobility Client v4 installed to perform this scenario, based on the sample topology diagram below. Here's a snippet of the ISE configuration steps: Set up the network device in ISE for HQ RTR under Administration -> Network Resources -> Network Devices. Create RA VPN user as and…
FlexVPN IKEv2 Smart Defaults


VPN
The IKEv2 Smart Defaults feature minimizes the FlexVPN configuration by covering most of the use cases. IKEv2 smart defaults can be customized for specific use cases, though this is not recommended. The following rules apply to the IKEv2 Smart Defaults feature: A default configuration is displayed in the corresponding show command with default as a keyword and with no argument. For example, the show crypto ikev2 proposal default command displays the default IKEv2 proposal and the show crypto ikev2 proposal command displays the default IKEv2 proposal, along with any user-configured proposals. A default configuration is displayed in the show running-config all command; it is not displayed in the show running-config command. You can modify the default configuration, which is displayed in the show running-config all command. A default configuration can be disabled…
FlexVPN Overview


VPN
If you are studying for the CCIE Security Lab Exam, or the written exam for that matter, you need to brush up your skills and learn to test and deploy FlexVPNs. Not only in lab studies but also in production environments, FlexVPN is Cisco's way of integrating all major VPNs under one umbrella, i.e. FlexVPN or Unified Overlay VPN. FlexVPN is a way to combine multiple frameworks (crypto maps, ezvpn, DMVPN) into a single, comprehensible set of CLI and bind it together with something offering more flexibility and the means to extend functionality in the future. FlexVPN is Cisco's implementation of the IKEv2 standard featuring a unified paradigm and CLI that combines site to site, remote access, hub and spoke topologies and partial meshes (spoke to spoke direct). FlexVPN offers a simple but modular framework that extensively uses…