FlexVPN to Cisco IOS-XE
FlexVPN is Cisco's modern IKEv2-based VPN solution for site-to-site and remote-access scenarios.
Scenario
- Modern Cisco integration: VyOS ↔ Cisco IOS-XE
- IKEv2 only (no legacy IKEv1)
- Certificate-based or PSK authentication
VyOS Configuration
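# IKE Group (IKEv2)
set vpn ipsec ike-group FLEXVPN key-exchange 'ikev2'
# DH group set explicitly to match 'group 14' in the IOS-XE proposal
set vpn ipsec ike-group FLEXVPN proposal 1 dh-group '14'
set vpn ipsec ike-group FLEXVPN proposal 1 encryption 'aes256gcm128'
# With an AEAD cipher the hash is used as the PRF (IOS-XE: prf sha256)
set vpn ipsec ike-group FLEXVPN proposal 1 hash 'sha256'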
# VTI
set interfaces vti vti10 address '172.16.255.1/30'
# Peer
set vpn ipsec site-to-site peer 203.0.113.10 vti bind 'vti10'
Cisco IOS-XE Configuration
crypto ikev2 proposal FLEX-PROP
 encryption aes-gcm-256
 prf sha256
 group 14
crypto ikev2 profile FLEX-PROF
 match identity remote address 198.51.100.1
 authentication local pre-share key SecureKey
 authentication remote pre-share key SecureKey
interface Tunnel10
 ip address 172.16.255.2 255.255.255.252
 tunnel source GigabitEthernet0/0
 ! The VyOS VTI uses IPsec tunnel mode, so the tunnel must not stay on its GRE default
 tunnel mode ipsec ipv4
 tunnel destination 198.51.100.1
 ! crypto ipsec profile FLEX-IPSEC is not shown on this page and must be defined separately
 tunnel protection ipsec profile FLEX-IPSEC
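
The two sides above only come up if their IKEv2 proposal and tunnel addressing agree. The following check is an added example, not part of the original page or of VyOS/Cisco tooling: it compares the page's settings on both sides. The name mapping in `ENC`, the helper names and the sample inputs (including the explicit `dh-group` line) are assumptions.

```python
import ipaddress
import re

# Constructed inputs modelled on this page; the dh-group line is an assumption.
VYOS = """
set vpn ipsec ike-group FLEXVPN key-exchange 'ikev2'
set vpn ipsec ike-group FLEXVPN proposal 1 dh-group '14'
set vpn ipsec ike-group FLEXVPN proposal 1 encryption 'aes256gcm128'
set vpn ipsec ike-group FLEXVPN proposal 1 hash 'sha256'
set interfaces vti vti10 address '172.16.255.1/30'
"""
IOSXE = """
crypto ikev2 proposal FLEX-PROP
 encryption aes-gcm-256
 prf sha256
 group 14
interface Tunnel10
 ip address 172.16.255.2 255.255.255.252
"""
# VyOS cipher keyword -> IOS-XE IKEv2 keyword (only AES-GCM pairs are covered).
ENC = {"aes256gcm128": "aes-gcm-256", "aes128gcm128": "aes-gcm-128"}

def grab(pattern, text):
    """Return the first capture group of pattern in text, or None."""
    m = re.search(pattern, text, re.M)
    return m.group(1) if m else None

def check_pair(vyos, iosxe):
    """List the IKEv2 and tunnel settings that disagree between the two sides."""
    issues = []
    if grab(r"key-exchange '(\w+)'", vyos) != "ikev2":
        issues.append("VyOS ike-group does not pin key-exchange to ikev2")
    pairs = [
        ("encryption", ENC.get(grab(r"encryption '(\w+)'", vyos)),
         grab(r"^\s*encryption (\S+)", iosxe)),
        ("PRF", grab(r" hash '(\w+)'", vyos), grab(r"^\s*prf (\S+)", iosxe)),
        ("DH group", grab(r"dh-group '(\d+)'", vyos), grab(r"^\s*group (\d+)", iosxe)),
    ]
    for name, v, c in pairs:
        if v is None or v != c:  # an unset value is reported, not assumed
            issues.append(f"{name}: VyOS={v} IOS-XE={c}")
    vti = ipaddress.ip_interface(grab(r"vti \S+ address '([\d./]+)'", vyos))
    tun = ipaddress.ip_interface("/".join(re.search(r"ip address (\S+) (\S+)", iosxe).groups()))
    if vti.network != tun.network or vti.ip == tun.ip:
        issues.append(f"tunnel addressing: VyOS={vti} IOS-XE={tun}")
    return issues

if __name__ == "__main__":
    print(check_pair(VYOS, IOSXE) or "settings agree")
```

A VyOS proposal without an explicit `dh-group` is reported as a mismatch rather than silently relying on the platform default.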