02-23-2018 08:34 AM - edited 02-21-2020 07:24 AM
Dears,
I have IKEv1 tunnels to other companies. I have been told to move to IKEv2. Are there any security loopholes in IKEv1, or is the advisor only asking for the additional features in IKEv2?
I want to know what the enhanced security features in IKEv2 are compared to IKEv1.
Thanks
02-23-2018 09:30 AM
Hi, IKEv2 is more secure than IKEv1: it supports NGE (Next Generation Encryption), it supports asynchronous authentication, and it's also faster as it exchanges fewer messages to set up the SA.
HTH
02-23-2018 10:08 AM
Dear
OK, agreed, I want to know that one should upgrade to the new technologies, but again, my original question: can IKEv1 be hacked?
IKEv2 supports asynchronous authentication? What does that mean?
Thanks
02-23-2018 11:29 AM
02-26-2018 09:58 AM
Dear
I have a VPN tunnel with IKEv1 between HQ and the branch. The EAP packets still pass through the VPN tunnel for the branch users who are authenticating (dot1x) to the ISE server in HQ,
so what new is EAP doing in IKEv2?
02-26-2018 11:17 AM
EAP as an authentication method is used in FlexVPN Remote Access VPN scenarios only
https://www.cisco.com/c/en/us/support/docs/security/flexvpn/115755-flexvpn-ike-eap-00.html
03-03-2018 12:43 AM
Dear
I'm using MM and not AM, so according to your reply IKEv1 in MM has no harm of hacking; instead, as a suggestion, we should move to new technologies. But from the security audit perspective, if it is available in the configuration of the ASA, it has no loopholes for hacking the tunnel.
Please confirm
Thanks