FlexVPN Configuration Blocks Tidbit

Here is a quick overview of the building blocks you need in order to configure a FlexVPN:

*Remember that FlexVPN uses IKEv2 as its standard.


IKEv2 Proposal: think HAGLE (hash, authentication, dh group, lifetime, encryption). Your proposal defines what you are trying to use during negotiation with the remote side when attempting to establish an IKE phase 1 tunnel security association.

IKEv2 Policy: the policy essentially binds the already configured proposal to a local interface address.


The next two blocks depend on what you choose to use for peer authentication:

IKEv2 Keyring: simply configures/declares a pre-shared key, which can be symmetric or asymmetric for authentication.


Trustpoint: think more secure and an advanced tool for authentication via PKI. Essentially configures identity and CA attributes.


IKEv2 Profile: this step is a collection of every config block to thus point that is NONNEGOTIABLE. Items configure here include the remote peer address and authentication method. Note, that you will bind either the keyring or trustpoint in your profile (all of which depends on which one you choose for authentication).


IPsec Transform Set: declares acceptable combinations of security protocols and algorithms you will use to form your IPsec tunnel security association.


IPsec Profile: This is the final configuration block for FlexVPN that binds everything together. Within the IPsec profile you reference the IPsec transform set and your IKEv2 Profile containing your NONNEGOTIABLE parameters. This gets assigned to an interface.


Cheers!

0 comments

Recent Posts

See All

Troubleshooting FMC Policy Deployment Tidbit

In this tidbit I want to share some tips on how to troubleshoot FMC policy deployment errors. It is important to understand that the policy deployment is broken down into the following phases: Phase

HTTP Methods & Status Codes Tidbit

In this tidbit I want to touch on different types of HTTP Methods & the types of HTTP status codes you may encounter when consuming APIs in regard to automation. HTTP Methods: GET = get user info PATC

FMC & FTD Communication/Registration Tidbit

In this tidbit I want to cover the basics in regard to FTD & FMC registration. I also intend on covering how the two communicate with each other as this can be helpful when having registration issues