Last Published Date: March 28, 2014
Internet Key Exchange
Version 2 (IKEv2), a next-generation key management protocol based on RFC 4306,
is an enhancement of the IKE Protocol. IKEv2 is used for performing mutual
authentication and establishing and maintaining security associations (SAs).
FlexVPN is Cisco's
implementation of the IKEv2 standard featuring a unified paradigm and CLI that
combines site to site, remote access, hub and spoke topologies and partial
meshes (spoke to spoke direct). FlexVPN offers a simple but modular framework
that extensively uses the tunnel interface paradigm while remaining compatible
with legacy VPN implementations using crypto maps.
This guide contains
the following modules:
Configuring Internet Key Exchange Version 2 (IKEv2) and FlexVPN Site-to-Site
This module describes IKEv2 CLI required for FlexVPN site-to-site. The module is divided into basic and advanced sections.
The basic section introduces basic IKEv2 commands and describes IKEv2 smart defaults and the mandatory IKEv2 commands required for FlexVPN site-to-site. This module is a prerequisite for understanding subsequent chapters.
The advanced section describes global IKEv2 commands and how to override the default IKEv2 commands.