![]() ![]() Spoke selects a particular IKEv2 profile based on its interface’s IPSec profile.This is how IKEv2 profile is used on the initiating side (Spoke): Tunnel protection ipsec profile IPSEC - CLOUD - 1 The details of IP address assignment will be discussed in the following sections. IP address for SVTI could be defined statically or assigned by the Hub. Spoke’s SVTI will have both source, destination and FVRF name defined. To get things started you’d need to setup a static VTI (SVTI) on the Spoke and Dynamic VTI (DVTI) on the Hub. Tunnel mode could be either ipsec ipv4 or gre, however NHRP protocol only works over GRE so we’ll stick with the default mode. ![]() Both Hubs and Spokes use Virtual Tunnel Interfaces (VTIs) to setup direct communication channels over the WAN. Let’s start with the most basic configuration construct – a tunnel interface. Throughout this section, if configuration is the same for both FlexVPN clouds, I will only include examples for one of them. Ikev2 name mangler full#Instead of providing the full show run outputs here, I’ve decided to split FlexVPN configuration into a number of small building blocks and examine them separately.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |