Hello,
very nice lesson and well explained. I would just need a clarification here.
In all FlexVPN examples, the tunnel mode you are using is the default one. This means GRE. I tried the labs with a small change under the tunnel interfaces and virtual-templates:
tunnel mode ipsec ipv4
This leads to a direct IPSec encapsulation avoiding the GRE overhead. However, the spoke to spoke direct connectivity is not working. The NHRP redirection fails completely. Hub and spoke communication and spoke to spoke via the hub is fine though.
I am wondering if this is related to my specific software image or it is a normal behavior. Maybe NHRP is only working with GRE encapsulation like we do with classic DMVPN? Any thoughts on this would be much appreciated?
Thanks