Internet Key Exchange Version (IKEv2), a next-generation key management protocol based on RFC 4306, is an enhancement of the IKE Protocol. IKEv2 is used for performing mutual authentication and establishing and maintaining security associations (SAs).
FlexVPN is Cisco's implementation of the IKEv2 standard featuring a unified paradigm and CLI that combines site to site, remote access, hub and spoke topologies and partial meshes (spoke to spoke direct). FlexVPN offers a simple but modular framework that extensively uses the tunnel interface paradigm while remaining compatible with legacy VPN implementations using crypto maps.
This guide contains the following modules:
Configuring Internet Key Exchange Version 2 (IKEv2) and FlexVPN Site-to-Site
This module describes IKEv2 CLI required for FlexVPN site-to-site. The module is divided into basic and advanced sections.
The basic section introduces basic IKEv2 commands and describes IKEv2 smart defaults and the mandatory IKEv2 commands required for FlexVPN site-to-site. This module is a prerequisite for understanding subsequent chapters.
The advanced section describes global IKEv2 commands and how to override the default IKEv2 commands.