
IKEv1 to IKEv2

adamgibs7
Level 6

Dears,

I have IKEv1 tunnels to other companies. I have been told to move to IKEv2. Are there any security loopholes in IKEv1, or is the advisor only asking for the additional features in IKEv2?

I want to know what the enhanced security features are in IKEv2 compared with IKEv1.

Thanks

6 Replies

Hi, IKEv2 is more secure than IKEv1: it supports NGE (Next Generation Encryption), it supports asynchronous authentication, and it's also faster as it exchanges fewer messages to set up the SA.

HTH

Dear

OK, agreed that one should upgrade to the new technologies, but again my original question: can IKEv1 be hacked?

IKEv2 supports asynchronous authentication? What does that mean?

Thanks

If you are using IKEv1 aggressive mode with PSK, then yes, it can theoretically be hacked.

Sorry, I meant asymmetric authentication. This means you can use PSK on one router/ASA while the other router/ASA uses a certificate, or vice versa. IKEv2 also supports EAP for authentication.

Dear

I have a VPN tunnel with IKEv1 between HQ and a branch. The EAP packets still pass through the VPN tunnel for the branch users who are authenticating (dot1x) to the ISE server in HQ,

so what new is EAP doing in IKEv2?

Dear

I'm using MM and not AM, so according to your reply IKEv1 in MM has no risk of hacking; instead, as a suggestion, we should move to new technologies, but from the security audit perspective, if it is available in the configuration of the ASA, it has no loopholes for hacking the tunnel.

Please confirm

Thanks
