3.11 FlexVPN – Flex Server w/Next Generation Encryption. Routing Design, Device enrollment

Greetings!

This is a kickoff post for a series demonstrating the capabilities of FlexVPN server.

Since we’re building up this sample network from a clean sheet of paper, we’re going all in.  We’re going to build ourselves a solid foundation, and then up the ante with high availability and integration with Identity Services Engine down the road.

The base build is going to use Next Generation Encryption (NGE), elliptic curve certificates, and an overlay routing design.  We’ll also demonstrate how we can support a site with an older design (firewall w/crypto maps) with the exact same head end.

In this installment, we’re going to review the routing design, cryptography suite selection, and enroll our devices with shiny 384-bit elliptic curve certificates.

Included at the end of this post are links to useful documents.

Resources:

Great slide deck on FlexVPN

Densemode Labbing Topology 1

Cisco Next Generation Encryption Technology Document

Tim Glen breaks down Diffie Hellman Groups

RFC 6379: Suite B Cryptographic Suites for IPsec

Elliptic Curve Cryptography

One thought on “3.11 FlexVPN – Flex Server w/Next Generation Encryption. Routing Design, Device enrollment”

  1. Great video series, but what happened to the next video? I can’t see it on YouTube. Don’t mean to be demanding, but I was getting used to being spoiled with these videos. I guess I’ll check out the Cisco FlexVPN documentation for configuring the IKEv2 profiles.
