FlexVPN Hub Spoke using AAA + Clientless SSLVPN



The AAA feature allows you to verify the identity of, grant access to, and track the actions of users managing the Cisco CG-OS router. The Cisco CG-OS router supports the Remote Authentication Dial-In User Service (RADIUS) or Terminal Access Controller Access Control System Plus (TACACS+) protocols.

Based on the user ID and password combination that you provide, the Cisco CG-OS router performs local authentication or authorization using the local database or remote authentication or authorization using one or more AAA servers. A pre-shared secret key provides security for communication between the Cisco CG-OS router and AAA servers. You can configure a common secret key for all AAA servers or for only a specific AAA server.

Cisco IOS FlexVPN is a unified VPN solution and provides the following benefits:

● Transport network: FlexVPN can be deployed either over the public internet or a private Multiprotocol Label Switching (MPLS) VPN network.

● Deployment style: Designed for the concentration of both site-to-site and remote access VPNs, one single FlexVPN deployment can accept both types of connection requests at the same time.

● Failover redundancy: Three different kinds of redundancy model can be implemented with FlexVPN:

◦ Dynamic routing protocols (such as Open Shortest Path First [OSPF], Enhanced Interior Gateway Routing Protocol [EIGRP], Border Gateway Protocol [BGP]) over FlexVPN tunnels. Path/head-end selection is based on dynamic routing metrics.

◦ IKEv2-based dynamic route distribution and server clustering.

◦ IPsec/IKEv2 active/standby stateful failover between two chassis (available in the future).

● Third-party compatibility: As the IT world transitions to cloud- and mobile-based computing, more and more VPN routers and VPN endpoints from different vendors are required. The Cisco IOS FlexVPN solution provides compatibility with any IKEv2-based third-party VPN vendor, including native VPN clients from Apple iOS and Android devices.

● IP Multicast support: FlexVPN natively supports IP Multicast in two ways:

◦ FlexVPN hub router replicates IP Multicast packets for each spoke.

◦ If the transport network supports native IP Multicast, the FlexVPN hub router can choose to have the transport network do multicast packet replication after IPsec encryption (available in the future).

● Superior quality of service (QoS): The architecture of Cisco IOS FlexVPN easily allows hierarchical QoS to be integrated on a per-tunnel or per-SA basis:

◦ Per-tunnel QoS for each spoke at the FlexVPN hub router.
