
Site to Site VPN ASA 8.2(5)46 Can't use ikev1?

I'm new to Cisco ASAs and I'm trying to create a Site-to-Site VPN tunnel to another ASA, but I'm unable to create an ikev1 policy; it doesn't even give me the option to on the ASA running version 8.2(5)46. I have newer firewalls that are using this policy. Is ikev1 not possible with the version I'm running?


Jon Marshall


You only have the option of IKE v1 with your software as IKE v2 support was only added with software version 8.4.

So I suspect that is why you don't have the option of which version to use.



What would be the command? I have looked at the configuration in the 8.4 ASAs and this is what I have.


This doesn't work with 8.2:

crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac


crypto ipsec ? no option for ikev1





The command would just be without the ikev1 because there is no choice on your ASA version.

So if there is no choice there is no option to specify which IKE version you want to use.

Am I misunderstanding your question?


 Thanks Jon,


If I have the below config'd now:

crypto ipsec transform-set my_set esp-aes esp-md5-hmac
crypto map RS_VPN 136 match address vpn_my_vpnACL
crypto map RS_VPN 136 set pfs
crypto map RS_VPN 136 set peer
crypto map RS_VPN 136 set transform-set my_set
crypto map RS_VPN 136 set security-association lifetime seconds 43200
crypto map RS_VPN interface outside
crypto isakmp enable outside
crypto isakmp policy 100
 authentication pre-share
 encryption aes
 hash md5
 group 2
 lifetime 43200
crypto isakmp am-disable
tunnel-group type ipsec-l2l
tunnel-group ipsec-attributes
 pre-shared-key ************************

The IKE and ipsec settings would be:

ike:   aes(128 default) md5 hash

ipsec:  aes(128 default) md5 hash

Would I need any other settings?  I'm trying to connect my ASA to a Siemens Ruggedcom Firewall, I need to provide my settings to the Ruggedcom team to match mine.





Send them all the settings because they will need to know things like PFS has been set, the group used and the security lifetimes etc.

Also send them the crypto map acls so they can match the remote and local subnets.

Obviously if this is all by e-mail, don't send the key with this unless you are using encrypted mail.
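
An added example, not part of the thread and not Cisco's code: a Python script that follows the advice above by pulling the settings the remote side has to match (IKE policy, transform set, PFS, lifetimes, crypto map ACL name) out of an 8.2-style config while leaving the pre-shared key value out. The sample config, the peer address 192.0.2.10 and the key are constructed placeholders, and `peer_sheet` is a hypothetical helper name.

```python
import re

# Constructed sample in ASA 8.2 syntax (no "ikev1" keyword); peer address and key are placeholders.
SAMPLE = """\
crypto ipsec transform-set my_set esp-aes esp-md5-hmac
crypto map RS_VPN 136 match address vpn_my_vpnACL
crypto map RS_VPN 136 set pfs
crypto map RS_VPN 136 set peer 192.0.2.10
crypto map RS_VPN 136 set transform-set my_set
crypto map RS_VPN 136 set security-association lifetime seconds 43200
crypto isakmp policy 100
 authentication pre-share
 encryption aes
 hash md5
 group 2
 lifetime 43200
tunnel-group 192.0.2.10 type ipsec-l2l
tunnel-group 192.0.2.10 ipsec-attributes
 pre-shared-key EXAMPLE-KEY-NOT-REAL
"""

def peer_sheet(config):
    """Return the tunnel parameters a remote peer must match, never the key value."""
    sheet = {"ike": {}, "transform_sets": {}, "ipsec": {"pfs": "off"}, "key_present": False}
    in_policy = False
    for raw in config.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not raw[0].isspace():          # a top-level command ends any sub-mode
            in_policy = line.startswith("crypto isakmp policy ")
        words = line.split()
        if words[0] == "pre-shared-key":
            sheet["key_present"] = True   # record that a key exists, drop its value
        elif in_policy and raw[0].isspace() and len(words) == 2:
            sheet["ike"][words[0]] = words[1]
        elif m := re.match(r"crypto ipsec transform-set (\S+) (.+)", line):
            sheet["transform_sets"][m.group(1)] = m.group(2).split()
        elif m := re.match(r"crypto map \S+ \d+ set (pfs|peer|transform-set|security-association lifetime)\s*(.*)", line):
            key, val = m.groups()
            sheet["ipsec"][key] = val or ("on, no group given" if key == "pfs" else "(not set)")
        elif m := re.match(r"crypto map \S+ \d+ match address (\S+)", line):
            sheet["ipsec"]["acl"] = m.group(1)
    return sheet

if __name__ == "__main__":
    for section, values in peer_sheet(SAMPLE).items():
        print(section, values)
```

The sheet carries only the ACL name; the ACL entries themselves still have to be sent so the other side can mirror the local and remote subnets.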


