Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2152
Views
0
Helpful
4
Replies

IKEv1 vulnerability on ASA 5520, can I use IKEv2

whiteford
Level 1
Level 1

‎02-20-2008 07:07 AM - edited ‎03-11-2019 05:05 AM

Hi, I just ran a vulnerability scan against the outside interface of our Cisco 5520 ASA. An d it returned a IKEv1 vulnerability (see below). Id IKEv2 out?

THREAT:

Cisco Internet Key Exchange (IKE) is exposed to a denial of service issue. This issue affects devices implementing IKE Version 1, and is due to resource exhaustion when handling a high rate of IKE requests. An attack of 10 packets per second at 122 bytes each is sufficient to cause denial of service conditions.

Cisco is tracking these issues with the following Bug IDs:

* CSCse70811 for Cisco IOS software

* CSCse89808 for Cisco VPN 3000 Concentrators

* CSCsb51032 for Cisco PIX firewalls

IMPACT:

A successful attack may lead to denial of service to legitimate users.

SOLUTION:

Cisco has information on a mitigation technique only for Cisco IOS software affected by this issue. Refer to Cisco Security Response 70810 for further details.

COMPLIANCE:

Not Applicable

RESULTS:

Detected service isakmp and os Cisco Catalyst / Cisco PIX 7.x / Cisco ASA Firewall / Juniper

Networks Application Acceleration Platform DX

Labels:
0 Helpful
4 Replies 4

Peter Davis
Cisco Employee
Cisco Employee

‎02-26-2008 08:32 AM

IKEv2 support is not available at this time.

Best Regards,

-pete

0 Helpful

raymondmoberly
Level 1
Level 1
In response to Peter Davis

‎05-18-2009 11:54 AM

What is the current status of IKEv2 support?

0 Helpful

gfullage
Cisco Employee
Cisco Employee

‎02-26-2008 02:33 PM

There is a large amount of detail regarding this "vulnerability" at our PSIRT pages:

http://www.cisco.com/warp/public/707/cisco-sr-20060726-ike.shtml

0 Helpful

Farrukh Haroon
VIP Alumni
VIP Alumni

‎02-26-2011 04:42 AM

Please note that IKEv2 is supported on the Cisco ASA Firewalls starting from software v8.4, please see the following link:

https://supportforums.cisco.com/community/netpro/security/vpn/blog/2011/02/08/asa-84-ipsec-vpn--whats-new

http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/vpn_site2site.html#wp1042828

Please rate if helpful

Regards

Farrukh

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card