3.11 FlexVPN – Flex Server w/Next Generation Encryption. Routing Design, Device enrollment

Greetings!

This is a kickoff post for a series demonstrating the capabilities of FlexVPN server.

Since we’re building up this sample network from a clean sheet of paper, we’re going all in.  We’re going to build ourselves a solid foundation, and then up the ante with high availability and integration with Identity Services Engine down the road.

The base build is going to use Next Generation Encryption (NGE), Elliptic curve certificates, and overlay routing design.  We’ll also demonstrate how we can support a site with an older design (firewall w/crypto maps) with the exact same head end.

In this installment, we’re going to review the routing design, cryptography suite selection, and enroll our devices with shiny 384 bit elliptic curve certificates.

Included at the end of this post are links to useful documents.

 

Resources:

Great slide deck on FlexVPN

Densemode Labbing Topology 1

Cisco Next Generation Encryption Techology Document

Tim Glen breaks down Diffie Hellman Groups

RFC 6379: Suite B Cryptographic Suites for IPsec

Elliptic Curve Cryptography

One thought on “3.11 FlexVPN – Flex Server w/Next Generation Encryption. Routing Design, Device enrollment

  1. Great video series but what happened to the next video? I can’t see it on youtube.. Don’t mean to be demanding but I was getting used to being spoiled with these videos. I guess i checkout the Cisco flexvpn documentation for configuring the IKEv2 profiles.

Leave a Reply