FlexVPN vs DMVPN behavior. Advice?

CCampbell_2
Level 1

So I'm testing FlexVPN and I've found, for me anyway, a pretty big deal breaker.

I can't ping, telnet, or connect in any way (other than the routing protocol, which works fine) to the "directly connected" network.

What I mean by that is say my Tunnel interface is 192.168.254.2 on one of my spokes, I can't connect to my hub at 192.168.254.1 or another spoke at 192.168.254.3.

Day to day this wouldn't be an issue, but sometimes in the event of a network outage I need to be able to get in via my VPN backdoor. So I'd go to 192.168.254.1 and telnet to 192.168.254.3 and voilà, I'm in. With DMVPN this worked great and saved my bacon many times. With FlexVPN this option is no longer available to me, best I can tell.

Is this known behavior?  Is there a fix? Am I just doing something wrong?

Thanks

Accepted Solutions

Hi,

Is the ikev2 routing that you configured in your example on the hub and spokes? If so, can you make sure that the aaa authorization is also configured and mapped to the ikev2 profile? This is needed to authorize the routes that are being pushed between the hub and spokes.

aaa new-model
aaa authorization network default local
crypto ikev2 profile FlexVPN
 aaa authorization group psk list default default

Then you will need to shut and no shut the tunnel interfaces to force the new ikev2 sessions.

Tarik Admani
*Please rate helpful posts*

[modified to make my thoughts much easier to understand]      
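
An added example, not part of the original post or any Cisco tooling: a small Python check that a saved running-config contains the three pieces named in the answer above (aaa new-model, a local network authorization list, and an IKEv2 profile mapped to that list). The sample configs and the function name are constructed for illustration, and the regex assumes the `group [override] {psk|cert|eap} list` form of the profile command.

```python
import re

# Constructed sample configs (not from the thread): FIXED adds the profile mapping.
BROKEN = """aaa new-model
aaa authorization network default local
crypto ikev2 profile FlexVPN
 authentication local pre-share
"""
FIXED = BROKEN + " aaa authorization group psk list default default\n"

GROUP_RE = re.compile(r"\s+aaa authorization group (?:override )?(?:psk|cert|eap) list (\S+)")

def audit_ikev2_authorization(config):
    """Return a list of findings; empty means the answer's three pieces are in place."""
    lines = config.splitlines()
    findings = []
    if "aaa new-model" not in (l.strip() for l in lines):
        findings.append("aaa new-model is not enabled")
    # Network authorization method lists that can use the local database.
    net_lists = set()
    for l in lines:
        m = re.match(r"aaa authorization network (\S+) .*\blocal\b", l)
        if m:
            net_lists.add(m.group(1))
    # Collect the authorization lists referenced inside each IKEv2 profile block.
    profiles, current = {}, None
    for l in lines:
        m = re.match(r"crypto ikev2 profile (\S+)", l)
        if m:
            current = m.group(1)
            profiles[current] = []
        elif not l.startswith(" "):
            current = None  # an unindented line ends the profile block
        elif current and (g := GROUP_RE.match(l)):
            profiles[current].append(g.group(1))
    if not profiles:
        findings.append("no crypto ikev2 profile found")
    for name, lists in profiles.items():
        if not lists:
            findings.append(f"profile {name}: no 'aaa authorization group ... list' mapping")
        for lst in lists:
            if lst not in net_lists:
                findings.append(f"profile {name}: list {lst} is not a local network authorization list")
    return findings

if __name__ == "__main__":
    for label, cfg in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, audit_ikev2_authorization(cfg) or "OK")
```
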
