Re: IR800 EZVPN to Flexvpn? - Page 3

KGrev · ‎08-10-2023

Hi,

I've been troubleshooting my way into a hole here.

We have a few IR809G routers using EZVPN over cellular. They work fine but they are using ikev2. We are trying to upgrade them to ikev2. I see plenty of ways to enable ikev2 and configure it but we are using EZVPN.

Will ezvpn do ikev2? I'm not seeing an option to configure flexvpn.

KGrev · ‎09-26-2023

@Rob Ingramwe have a few hundred devices that authenticate with a local username stored on the ASA. When you monitor the remote connections they all show as the same name but with different ip's. Is there a way to setup a similar setup here where the ID or name of the router that it sends is the same over many routers so there is only 1 connection profile? Or am I misunderstanding?

Rob Ingram · ‎09-26-2023

@KGrev perhaps on the ASA you could match on DefaultL2LGroup instead of a custom TG per peer?...but that would mean you had to have the same PSK. It's easier and more elegant to achieve if the headend device was a router rather than an ASA.

KGrev · ‎09-26-2023

@Rob IngramI think I can deal with individual TG per peer. It wouldn't be too much manual input in the end. Question, for "protected networks" local and remote. What networks should I put here?

Rob Ingram · ‎09-26-2023

@KGrev protected networks? Are you referring to ASDM (I rarely use it, so cannot remember the syntax). As you are using tunnel interfaces then you do not need to specify the protected networks, you use a routing protocol or static routes. You'd only specify the protected network when using crypto maps (policy based VPN), which is the ACL specifying the source (local) and destination (remote) networks.