Cisco supports many VPN types and most of them require different configurations, show commands, and debug commands. Each VPN type also supports different features. If you want to see what I am talking about, take a look at some of these examples:
- Cisco IPSec Tunnel Mode
- Encrypted GRE tunnel with IPSec
- IPSec Static Virtual Tunnel Interface
- IPSec Virtual Tunnel Interface
- DMVPN Phase 1 Basic Configuration
FlexVPN is Cisco’s solution to simplify VPN deployments and covers all VPN types. For example:
- Site-to-site
- Hub and spoke (including spoke-to-spoke traffic)
- Remote access
The only VPN type that FlexVPN doesn’t cover is GETVPN.
FlexVPN uses IKEv2 for all VPN types. IKEv2 is the successor of IKEv1 and has some interesting features:
- More secure than IKEv1 because it supports the latest Suite B cryptographic algorithms.
- Built-in support for dead peer detection (DPD) and NAT-Traversal.
- Combines IKEv1’s main and aggressive modes into one method called “initial”.
- Supports native routing.
- Besides certificates and PSKs, also supports EAP authentication.
- XAUTH is replaced by EAP tunneling.
You can read more about IKEv2 in RFC 7296.
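The IKEv1 main and aggressive modes and the IKEv2 initial exchange can be told apart on the wire from the fixed IKE header, which is useful when checking that no IKEv1 negotiation is left after moving to FlexVPN. The following is an added example, not part of the original lesson; the function names and the header-only sample datagrams are constructed for illustration, and the field layout and exchange numbers are those of RFC 2408 and RFC 7296.

```python
import struct

# Fixed IKE header: SPIi(8) SPIr(8) next-payload(1) version(1)
# exchange-type(1) flags(1) message-id(4) length(4) = 28 bytes.
IKE_HEADER = struct.Struct("!8s8sBBBBII")

# Exchange type names per major version (IKEv1: RFC 2408/2409, IKEv2: RFC 7296).
EXCHANGES = {
    1: {2: "main mode", 4: "aggressive mode", 5: "informational", 32: "quick mode"},
    2: {34: "IKE_SA_INIT", 35: "IKE_AUTH", 36: "CREATE_CHILD_SA", 37: "INFORMATIONAL"},
}

def classify_ike(datagram: bytes, udp_port: int = 500) -> dict:
    """Return the IKE major version and exchange name of one UDP payload."""
    # On UDP/4500 (NAT-T) an IKE message is preceded by a 4-byte zero marker;
    # anything else on that port is ESP-in-UDP or a keepalive.
    if udp_port == 4500:
        if datagram[:4] != b"\x00" * 4:
            raise ValueError("not an IKE message (ESP-in-UDP or keepalive)")
        datagram = datagram[4:]
    if len(datagram) < IKE_HEADER.size:
        raise ValueError("truncated IKE header")
    (_spi_i, _spi_r, _next, version, exch, _flags,
     msg_id, _length) = IKE_HEADER.unpack_from(datagram)
    major = version >> 4  # high nibble = major version, low nibble = minor
    if major not in EXCHANGES:
        raise ValueError(f"unknown IKE major version {major}")
    return {"major": major, "msg_id": msg_id, "legacy_ikev1": major == 1,
            "exchange": EXCHANGES[major].get(exch, f"unknown({exch})")}

def _hdr(version: int, exch: int, msg_id: int = 0) -> bytes:
    # Helper for the constructed samples: a header-only message, no payloads.
    return IKE_HEADER.pack(b"\x11" * 8, b"\x00" * 8, 0, version, exch, 0, msg_id, 28)

# Constructed samples as (UDP port, payload); not captured traffic.
SAMPLES = [
    (500, _hdr(0x10, 2)),                      # IKEv1 main mode
    (500, _hdr(0x10, 4)),                      # IKEv1 aggressive mode
    (500, _hdr(0x20, 34)),                     # IKEv2 IKE_SA_INIT
    (4500, b"\x00" * 4 + _hdr(0x20, 35, 1)),   # IKEv2 IKE_AUTH over NAT-T
]

def audit(samples):
    """Classify every (port, payload) pair in the list."""
    return [classify_ike(payload, port) for port, payload in samples]

if __name__ == "__main__":
    for result in audit(SAMPLES):
        print(result)
```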