https://community.cisco.com/t5/network-security/ikev1-to-ikev2/m-p/3336762#M969405 <P>Dears,</P> <P>I have a IKEv1 tunnels to another companies, I have been told to move to Ikev2, is there any secuorty loop holes in IKEv1 or the advisor is only asking for additional features in ikev2.</P> <P>&nbsp;</P> <P>I want to know what are the enhance security features in ikev2 rather than ikev1</P> <P>&nbsp;</P> <P>thanks</P> Fri, 21 Feb 2020 15:24:58 GMT adamgibs7 2020-02-21T15:24:58Z https://community.cisco.com/t5/network-security/ikev1-to-ikev2/m-p/3336762#M969405 <P>Dears,</P> <P>I have a IKEv1 tunnels to another companies, I have been told to move to Ikev2, is there any secuorty loop holes in IKEv1 or the advisor is only asking for additional features in ikev2.</P> <P>&nbsp;</P> <P>I want to know what are the enhance security features in ikev2 rather than ikev1</P> <P>&nbsp;</P> <P>thanks</P> Fri, 21 Feb 2020 15:24:58 GMT https://community.cisco.com/t5/network-security/ikev1-to-ikev2/m-p/3336762#M969405 adamgibs7 2020-02-21T15:24:58Z https://community.cisco.com/t5/network-security/ikev1-to-ikev2/m-p/3336791#M969406 <P>Hi, IKEv2 is more secure than IKEv1 - it supports NGE (Next Generation Encryption), it supports asyncronous authentication and it's also faster as it exchanges less messages to setup SA.</P> <P>&nbsp;</P> <P>HTH</P> Fri, 23 Feb 2018 17:30:22 GMT https://community.cisco.com/t5/network-security/ikev1-to-ikev2/m-p/3336791#M969406 Rob Ingram 2018-02-23T17:30:22Z https://community.cisco.com/t5/network-security/ikev1-to-ikev2/m-p/3336807#M969407 <P>Dear</P> <P>&nbsp;</P> <P>OK agreed but I want to know that one should upgrade with the new technologies but again my &nbsp;original question IKEV1 can be hacked,</P> <P>&nbsp;</P> <P>IKE2&nbsp;supports asyncronous authentication ??? means</P> <P>&nbsp;</P> <P>thanks</P> Fri, 23 Feb 2018 18:08:32 GMT https://community.cisco.com/t5/network-security/ikev1-to-ikev2/m-p/3336807#M969407 adamgibs7 2018-02-23T18:08:32Z https://community.cisco.com/t5/network-security/ikev1-to-ikev2/m-p/3336849#M969408 If you are using IKEv1 agressive mode with PSK, then yes it can theoretically be hacked.<BR /><BR />Sorry I meant asymmetric authentication, this means you can use PSK on one router/asa and the other router/asa could use certificate or vice versa. IKEv2 also supports EAP for authentication. Fri, 23 Feb 2018 19:29:21 GMT https://community.cisco.com/t5/network-security/ikev1-to-ikev2/m-p/3336849#M969408 Rob Ingram 2018-02-23T19:29:21Z https://community.cisco.com/t5/network-security/ikev1-to-ikev2/m-p/3338072#M969409 <P>Dear</P> <P>&nbsp;</P> <P>I have a vpn tunnel with IKEv1 between hq and branch the EAP packets still pass from the vpn tunnel for the branch users who are authenticating (dot1X) &nbsp;to the ISE server in HQ,</P> <P>&nbsp;</P> <P>so what new EAP is doing in IKEv2</P> Mon, 26 Feb 2018 17:58:18 GMT https://community.cisco.com/t5/network-security/ikev1-to-ikev2/m-p/3338072#M969409 adamgibs7 2018-02-26T17:58:18Z https://community.cisco.com/t5/network-security/ikev1-to-ikev2/m-p/3338112#M969410 <P>EAP as an authentication method is used in FlexVPN Remote Access VPN scenarios only</P> <P><A href="https://www.cisco.com/c/en/us/support/docs/security/flexvpn/115755-flexvpn-ike-eap-00.html" target="_self">https://www.cisco.com/c/en/us/support/docs/security/flexvpn/115755-flexvpn-ike-eap-00.html</A></P> <P><A href="https://www.cisco.com/c/en/us/support/docs/security/flexvpn/200555-FlexVPN-AnyConnect-IKEv2-Remote-Access.html" target="_self">https://www.cisco.com/c/en/us/support/docs/security/flexvpn/200555-FlexVPN-AnyConnect-IKEv2-Remote-Access.html</A></P> Mon, 26 Feb 2018 19:17:55 GMT https://community.cisco.com/t5/network-security/ikev1-to-ikev2/m-p/3338112#M969410 Rob Ingram 2018-02-26T19:17:55Z https://community.cisco.com/t5/network-security/ikev1-to-ikev2/m-p/3341647#M969411 <P>Dear</P> <P>I 'm using in MM and not in AM so according to your reply IKEv1 in MM has no harm of hacking&nbsp; instead as a suggestion we should move to new technologies but from the security audit perspective if it is available in the configuration of ASA it has no loop holes of hacking the tunnel.</P> <P>&nbsp;</P> <P>Please confirm</P> <P>&nbsp;</P> <P>Thanks</P> Sat, 03 Mar 2018 08:43:18 GMT https://community.cisco.com/t5/network-security/ikev1-to-ikev2/m-p/3341647#M969411 adamgibs7 2018-03-03T08:43:18Z