04-21-2021 09:15 AM
Good evening to you all,
One question for you that I don't know how to answer.
I have a Cisco ASA (I don't know more than this at the moment), as per the picture attached.
I would like to understand whether it is possible to upgrade this ASA from IKEv1 to IKEv2, and if yes, how, and if not, why.
Please let me know if more info is needed.
Thanks very much for your help.
All the best
/michelangelo
04-21-2021 09:21 AM
Not sure what the model is here, but ASA from 9.X supports IKEv2.
Here is a deployment guide for reference:
04-21-2021 09:27 AM
Sorry, but it's written:
it's ASAv 7.5 (2), ASA version 9.5 (2) 207,
running on Windows Server 2012 R2 6.3.
Thanks /m
04-21-2021 09:36 AM
If you are referring to the screenshot, that is not the ASA; that is ASDM, the management software for the ASA.
04-21-2021 09:42 AM
Yes, but it's an ASAv and with ASA version ...
As far as I know, it's running the same software as an ASA device.
04-21-2021 09:41 AM
@mstillante Yes, this is possible on ASA 9.5. Here is an example of the minimum IKEv2 configuration you'll require.

Configure an IKEv2/IPSec Proposal

    crypto ipsec ikev2 ipsec-proposal AES-GCM
     protocol esp encryption aes-gcm-256 aes-gcm-192 aes-gcm
     protocol esp integrity null

Configure an IKEv2 Policy

    crypto ikev2 policy 10
     encryption aes-gcm
     integrity null
     group 19
     prf sha256
     lifetime seconds 86400

Enable IKEv2 on the outside interface

    crypto ikev2 enable OUTSIDE

Enable IKEv2 protocol under the group policy

    group-policy DfltGrpPolicy attributes
     vpn-tunnel-protocol ikev2

Configure an IKEv2 PSK under the tunnel-group

    tunnel-group x.x.x.x type ipsec-l2l
    tunnel-group x.x.x.x ipsec-attributes
     ikev2 remote-authentication pre-shared-key *****
     ikev2 local-authentication pre-shared-key *****

Enable the IKEv2/IPSec proposal under the crypto map

    crypto map CMAP 1 set ikev2 ipsec-proposal AES-GCM
HTH
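
An added example, not part of the original reply or any Cisco tooling: a Python check that reads a saved running-config and lists which of the steps in the reply above are still missing before an IKEv1 tunnel is cut over. The sample config, the peer address 192.0.2.1 and the transform-set name ESP-AES are constructed for illustration.

```python
import re

# Constructed sample: a half-migrated config that still binds the crypto map
# to IKEv1 and has no local PSK (192.0.2.1 is a documentation address).
SAMPLE = """\
crypto ipsec ikev2 ipsec-proposal AES-GCM
 protocol esp encryption aes-gcm-256 aes-gcm-192 aes-gcm
 protocol esp integrity null
crypto ikev2 policy 10
 encryption aes-gcm
 integrity null
crypto ikev2 enable OUTSIDE
group-policy DfltGrpPolicy attributes
 vpn-tunnel-protocol ikev2
tunnel-group 192.0.2.1 type ipsec-l2l
tunnel-group 192.0.2.1 ipsec-attributes
 ikev2 remote-authentication pre-shared-key *****
crypto map CMAP 1 set ikev1 transform-set ESP-AES
"""

def sections(config):
    """Map each top-level command to the list of its indented sub-commands."""
    out, current = {}, None
    for line in config.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():
            current = line.strip()
            out.setdefault(current, [])
        elif current is not None:
            out[current].append(line.strip())
    return out

def missing_ikev2_steps(config):
    """Return the names of the steps above that no section of the config satisfies."""
    sec = sections(config)
    def has(head, sub=None):
        return any(re.match(head, h) and (sub is None or any(re.match(sub, s) for s in subs))
                   for h, subs in sec.items())
    checks = [
        ("ipsec proposal", has(r"crypto ipsec ikev2 ipsec-proposal \S+", r"protocol esp encryption ")),
        ("ikev2 policy", has(r"crypto ikev2 policy \d+", r"encryption ")),
        ("ikev2 enabled on interface", has(r"crypto ikev2 enable \S+")),
        ("group-policy allows ikev2", has(r"group-policy \S+ attributes", r"vpn-tunnel-protocol .*\bikev2\b")),
        ("remote PSK", has(r"tunnel-group \S+ ipsec-attributes", r"ikev2 remote-authentication pre-shared-key ")),
        ("local PSK", has(r"tunnel-group \S+ ipsec-attributes", r"ikev2 local-authentication pre-shared-key ")),
        ("crypto map proposal", has(r"crypto map \S+ \d+ set ikev2 ipsec-proposal \S+")),
    ]
    return [name for name, ok in checks if not ok]
```

The checks pass if any tunnel-group or crypto map entry satisfies them, so a config with several peers still needs a per-peer review.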
04-21-2021 09:46 AM
Hi Rob,
Thanks very much for this, and I guess this solution can work on an ASA (physical) device as well as on an ASAv running on Windows Server 2012 R2 6.3 ...
Right?
04-21-2021 09:49 AM
Windows Server 2012 R2 is just the server you are using to access ASDM, the GUI to configure the ASA, not the actual ASA itself.
Those commands are for use in the CLI, not ASDM. It will work on ASA physical or ASAv.
04-21-2021 09:52 AM
Thanks very much for your help.
All the best
/m