03-23-2021 07:10 PM
Is a route-based VPN using IKEv2 supported on ASR1001X? If yes, can someone share a basic config template or link for instructions? I'm having a hard time finding anything online for this scenario and specific requirements.
hash-sha256
authentication-PSK
group-14
lifetime-3600
encryption-aes
03-23-2021 08:01 PM
Hi
You can check this link for examples:
Examples are based on IKEv1 but you can change the crypto to be in IKEv2.
03-24-2021 02:04 AM - edited 03-24-2021 02:06 AM
A route-based IKEv2 VPN on a Cisco router is referred to as FlexVPN.
The reference link below has guides with configuration for different scenarios.
https://www.cisco.com/c/en/us/support/security/flexvpn/products-configuration-examples-list.html
Refer to this guide for information on the latest algorithms to use in the VPN:
https://tools.cisco.com/security/center/resources/next_generation_cryptography
03-29-2021 09:09 PM
Thanks for the links but something remains unclear. If I want to use a pre-shared key with FlexVPN, then do I use the Keyring feature or the commands below under IKEv2 profile?
crypto ikev2 keyring abc
 peer x.x.x.x
  address x.x.x.x
  pre-shared-key XYZ
OR
crypto ikev2 profile testprofile
 match identity remote address 1.1.1.1
 identity local address abcd
 authentication local pre-share ????
 authentication remote pre-share ????
03-29-2021 11:24 PM
You can use either. If you use the ikev2 keyring you could specify different PSK per spoke/peer. Or if you defined the PSK under the ikev2 profile, then that PSK would apply to all connections.
HTH
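An added example, not part of the original thread: a route-based IKEv2 (FlexVPN) configuration sketch that uses the keyring option with a separate PSK per peer and the parameters requested in the question. Names, addresses (RFC 5737 documentation ranges), the interface, the tunnel subnet, the AES key length and the key placeholders are all assumptions.

```cisco
! Constructed example. Replace names, addresses and <...> placeholders.
! The thread asks only for "aes"; the 256-bit key length is an assumption.
crypto ikev2 proposal FLEX-PROP
 encryption aes-cbc-256
 integrity sha256
 group 14
crypto ikev2 policy FLEX-POL
 proposal FLEX-PROP
!
! Keyring: one entry per peer, so each spoke can have its own PSK.
crypto ikev2 keyring FLEX-KEYS
 peer SPOKE1
  address 198.51.100.2
  pre-shared-key <PSK-FOR-SPOKE1>
 peer SPOKE2
  address 198.51.100.6
  pre-shared-key <PSK-FOR-SPOKE2>
!
! The profile selects PSK authentication and points at the keyring.
! Alternative from the thread: put the key on the profile itself
! (authentication local|remote pre-share key <KEY>); it then applies
! to every peer that matches this profile.
! "lifetime" here is the IKE SA lifetime in seconds.
crypto ikev2 profile FLEX-PROFILE
 match identity remote address 198.51.100.2 255.255.255.255
 match identity remote address 198.51.100.6 255.255.255.255
 identity local address 192.0.2.1
 authentication local pre-share
 authentication remote pre-share
 keyring local FLEX-KEYS
 lifetime 3600
!
crypto ipsec transform-set FLEX-TS esp-aes 256 esp-sha256-hmac
 mode tunnel
crypto ipsec profile FLEX-IPSEC
 set transform-set FLEX-TS
 set ikev2-profile FLEX-PROFILE
!
! Route-based tunnel to SPOKE1: traffic is selected by routing over
! the tunnel interface, not by a crypto ACL.
interface Tunnel1
 ip address 10.255.0.1 255.255.255.252
 tunnel source GigabitEthernet0/0/0
 tunnel mode ipsec ipv4
 tunnel destination 198.51.100.2
 tunnel protection ipsec profile FLEX-IPSEC
```

After the peer is configured to match, `show crypto ikev2 sa detailed` shows the negotiated encryption, hash, DH group, lifetime and authentication method for the session.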