An overview of FlexVPN

 If you are studying for CCIE Security v4 Lab Exam or written for that matter, you need to brush up your skills & learn to test & deploy FlexVPNs. Not only in Lab studies, in production enviroment, FlexVPN is the cisco’s way of integrating all major VPNs into one Umbrella i.e FlexVPN or Unified Overlay VPN

FlexVPN is a way to combine multiple frameworks (crypto maps, ezvpn, DMVPN) into single, comprehensible set of CLI and bind it together with something offering more flexibility and means to extend functionality in future.

FlexVPN is Cisco’s implementation of the IKEv2 standard featuring a unified paradigm and CLI that combines site to site, remote access, hub and spoke topologies and partial meshes (spoke to spoke direct).FlexVPN offers a simple but modular framework that extensively uses the tunnel interface paradigm while remaining compatible with legacy VPN implementations using crypto maps.

flexvpn benefits

Benefits of FlexVPN/a Unified Overlay VPN :

  • FlexVPN can be run along all your previous/existing IPsec VPNs. Most scenarios will allow coexistence of Previous configuration and Flex.
  • FlexVPN is based on IKEv2 and not IKEv1, which improves almost all aspects of negotiation and protocol stability.
  • Using GRE over IPsec or VTI as encapsulation. GRE allows you to run almost anything over it.
  • IPsec provides security for payload.It supports IPv6 and IPv4 for transport and overlay protocol.
  • Multiple functionalities embedded with one framework .
  • Utilizing virtual interfaces – allowing per-spoke features like firewall, QoS, ACLs, etc.
  • Remote access server and client (software and hardware) – similar to ezvpn.
  • Dynamic spoke to spoke tunnels – familiar to everyone who knows DMVPN.
  • Ease of configuration by using IKEv2 smart defaults (see this blog post)- no longer will you need to define policies, transform sets etc, IKEv2 has built in defaults that make sense and will be updated.

You can learn more on FlexVPN in this Flex lab guide/handbook

PDF Editor    Send article as PDF   

Tags: , , ,


Fatal error: Uncaught CurlException: 60: SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed thrown in /home/content/b/r/a/brainbump/html/wp-content/plugins/seo-facebook-comments/facebook/base_facebook.php on line 825