Browsed by
Month: September 2019

Cisco FlexVPN

Cisco’s FlexVPN is a framework for configuring IPsec VPNs on newer Cisco IOS devices. It was created to simplify VPN deployment: one common set of building blocks (IKEv2 proposal, policy, keyring, IKEv2 profile, IPsec profile and a tunnel or virtual-template interface) is used for every VPN type, whether site-to-site, hub-and-spoke or remote access. FlexVPN is built on IKEv2 and does not support IKEv1; IKEv2 itself is the key-exchange protocol, not a topology, and the topology in this post is hub-and-spoke. Example: R1 is the hub, R2 and R3 are the spokes, and EIGRP is the routing protocol across the tunnels. Starting with the hub, R1: !ipsec transform set crypto ipsec…

Read More

Cisco Group Encrypted Transport VPN (GETVPN)

GETVPN is Cisco’s implementation of the GDOI standard (Group Domain of Interpretation, RFC 3547, updated by RFC 6407). GDOI was originally created to provide a less cumbersome way to encrypt multicast traffic than GRE over IPsec tunnels. These days GETVPN is used on private WANs such as MPLS, where every site is already reachable, because it is tunnel-less: the original IP header is preserved, so the underlying network must be able to route the inner addresses. A key server (KS) authenticates each group member (GM) and pushes the same encryption policy and keys to all of them, so a single IPsec Security Association is shared by every router in the group. This gets around traditional IPsec’s scaling problem (IPsec SAs being point-to-point, one per pair of peers)….
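As an added illustration of the KS/GM split the excerpt describes (this is not the post's configuration), here is a minimal GETVPN key server and one group member. The group identity, names and addresses are assumed; the KS and GM must share the same ISAKMP policy and pre-shared key for the GM's initial registration.

```cisco
! ---- Key server (KS) : added example, names/addresses assumed ----
crypto isakmp policy 10
 encr aes 256
 hash sha256
 authentication pre-share
 group 14
! registration from any GM address; shared key assumed
crypto isakmp key GetvpnKey-Example address 0.0.0.0
!
crypto ipsec transform-set GET-TS esp-aes 256 esp-sha256-hmac
 mode tunnel
crypto ipsec profile GET-PROFILE
 set transform-set GET-TS
!
! RSA pair used to sign rekey messages (exec command on the KS):
! crypto key generate rsa label GETVPN-REKEY modulus 2048
!
! Policy the KS pushes: encrypt site-to-site traffic, but never the
! control plane (routing protocol, GDOI registration/rekey on UDP 848)
ip access-list extended GET-ENCRYPT
 deny   eigrp any any
 deny   udp any eq 848 any eq 848
 permit ip 10.0.0.0 0.255.255.255 10.0.0.0 0.255.255.255
!
crypto gdoi group GETVPN-GROUP
 identity number 1234
 server local
  rekey algorithm aes 256
  rekey authentication mypubkey rsa GETVPN-REKEY
  rekey retransmit 10 number 2
  rekey transport unicast
  sa ipsec 1
   profile GET-PROFILE
   match address ipv4 GET-ENCRYPT
   replay time window-size 5
  address ipv4 192.0.2.1

! ---- Group member (GM) : KS address 192.0.2.1 assumed ----
crypto isakmp policy 10
 encr aes 256
 hash sha256
 authentication pre-share
 group 14
crypto isakmp key GetvpnKey-Example address 192.0.2.1
!
! No transform set or ACL here: both arrive from the KS at registration
crypto gdoi group GETVPN-GROUP
 identity number 1234
 server address ipv4 192.0.2.1
!
crypto map GET-MAP 10 gdoi
 set group GETVPN-GROUP
!
interface GigabitEthernet0/0
 ip address 10.1.1.1 255.255.255.0
 crypto map GET-MAP
```

Two points worth checking after this is applied: show crypto gdoi on a GM should list the KS, the downloaded ACL and the current TEK/KEK, and show crypto gdoi ks members on the KS should list every registered GM. Because the whole group shares one SA, anti-replay has to be time-based (the replay time window-size line) rather than the per-peer sequence counters normal IPsec uses, so clocks on the GMs must be synchronized.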

Read More

Certificate Based Site to Site VPN

Site-to-site VPN tunnels can be authenticated with digital certificates instead of pre-shared keys. With certificates, each peer enrolls with a centralized CA (certificate authority) and receives its own identity certificate; when two peers bring up IPsec they exchange certificates during IKE and each validates the other’s against the CA certificate it trusts. The biggest advantage of certificate-based VPNs is that they are easier to scale: adding or removing a peer means issuing or revoking one certificate rather than updating a pre-shared key on every existing peer. Let’s say you have a home office and 3 branch offices connected via site-to-site VPNs, and these VPNs are protected using…
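As an added example (not the post's own configuration), here is one branch router enrolled with a CA over SCEP and using that certificate for IKEv2 authentication on a site-to-site tunnel; the head-office side is configured the same way with its own subject name and tunnel address. The CA URL, domain, names and addresses are assumed.

```cisco
! ---- Branch router : added example, CA URL/domain/addresses assumed ----
hostname branch1
ip domain-name example.com
!
! exec command, run once: crypto key generate rsa label VPN-RSA modulus 2048
!
crypto pki trustpoint LAB-CA
 enrollment url http://192.0.2.10:80
 subject-name CN=branch1.example.com,O=Example
 fqdn branch1.example.com
 rsakeypair VPN-RSA
 ! reject peers whose certificate the CA has revoked
 revocation-check crl
!
! exec commands, run once after the trustpoint exists:
!   crypto pki authenticate LAB-CA   <- downloads the CA cert; compare the
!                                        fingerprint it prints with the CA before accepting
!   crypto pki enroll LAB-CA         <- sends the certificate request to the CA
!
crypto ikev2 proposal CERT-PROPOSAL
 encryption aes-cbc-256
 integrity sha256
 group 14
crypto ikev2 policy CERT-POLICY
 proposal CERT-PROPOSAL
!
! Only certificates whose FQDN is under example.com are accepted, so a
! certificate the same CA issued for some other purpose cannot bring up a tunnel
crypto ikev2 profile CERT-PROFILE
 match identity remote fqdn domain example.com
 identity local fqdn branch1.example.com
 authentication local rsa-sig
 authentication remote rsa-sig
 pki trustpoint LAB-CA
!
crypto ipsec transform-set CERT-TS esp-aes 256 esp-sha256-hmac
 mode tunnel
crypto ipsec profile CERT-IPSEC
 set transform-set CERT-TS
 set ikev2-profile CERT-PROFILE
!
interface Tunnel0
 ip address 10.255.0.2 255.255.255.252
 tunnel source GigabitEthernet0/0
 tunnel destination 203.0.113.1
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile CERT-IPSEC
```

show crypto pki certificates should show both the CA certificate and the router's own certificate as Available after enrollment, and show crypto ikev2 sa detailed should report rsa-sig as the authentication method once the tunnel is up. Decommissioning a branch is then a revocation on the CA, and the remaining peers reject that certificate at the next CRL check without any change to their own configuration.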

Read More