ikev2 on asa 8.4

abow
Level 1

I am in the middle of setting up an IPsec VPN with IKEv2, but my tunnel-group ipsec-attributes will not accept the ikev2 command. Please refer to the output below:

------------------------------------------------------------------

 

Data-FW(config)# tunnel-group RAVPN ipsec-attributes
Data-FW(config-tunnel-ipsec)# ?

tunnel-group configuration commands:
  authorization-required  Require users to authorize successfully in order to
                          connect (DEPRECATED)
  chain                   Enable sending certificate chain
  exit                    Exit from tunnel-group IPSec attribute configuration
                          mode
  help                    Help for tunnel group configuration commands
  ikev1                   Configure IKEv1
  isakmp                  Configure ISAKMP policy
  no                      Remove an attribute value pair
  peer-id-validate        Validate identity of the peer using the peer's
                          certificate
  radius-with-expiry      Enable negotiation of password update during RADIUS
                          authentication (DEPRECATED)
---------------------------------------------------------------------------

5 Replies 5

Francesco Molino
VIP Alumni
Hi

Just to be sure, I connected to an old ASA running 8.4.2 (fortunately I still have a pair running an old version :-) ) and IKEv2 is there.
As far as I remember, IKEv2 was a feature introduced in 8.4, so you should have it.

Can you share the output of show version?

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

The sh ver output has been attached as requested.

Do commands like crypto ikev2 work in global config?

Thanks
Francesco

abow
Level 1

To make things a little easier, I would like to provide further information on what I am trying to achieve. I am trying to set up a remote-access VPN on an ASA5510 running ver 8.4(1).

I have decided to configure IKE version 2 with the template below:

 

hostname(config)# crypto ikev2 policy 1
hostname(config-ikev2-policy)# group 2
hostname(config-ikev2-policy)# integrity sha512
hostname(config-ikev2-policy)# prf sha512

hostname(config)# crypto ikev2 enable outside

hostname(config)# ip local pool POOL 192.168.0.10-192.168.0.15

hostname(config)# username testuser password 12345678


hostname(config)# crypto ipsec ikev2 ipsec-proposal  AES256-SHA512
hostname(config-ipsec-proposal)# protocol esp encryption  aes-256
hostname(config-ipsec-proposal)# protocol esp integrity sha-512

hostname(config)# tunnel-group RAVPN type remote-access
hostname(config)# tunnel-group RAVPN general-attributes
hostname(config-general)# address-pool POOL

????? hostname(config)# tunnel-group RAVPN ipsec-attributes ???????????
hostname(config-tunnel-ipsec)# ikev2 local-authentication pre-shared-key *******
hostname(config-tunnel-ipsec)# ikev2 remote-authentication pre-shared-key *********

hostname(config)# crypto dynamic-map DYNMAP 1 set ikev2 ipsec-proposal AES256-SHA512
hostname(config)# crypto dynamic-map DYNMAP 1 set reverse-route

hostname(config)# crypto map CMAP 1 ipsec-isakmp dynamic DYNMAP
hostname(config)# crypto map CMAP interface outside



The challenge is that when I get to this command:
????? hostname(config)# tunnel-group RAVPN ipsec-attributes ???????????
The next command below does not work.
hostname(config-tunnel-ipsec)# ikev2 local-authentication pre-shared-key *******

I am therefore stuck here. I need to get the VPN working ASAP.
Thanks for all the assistance.

Hi,

Can you upgrade to 8.4.2?
I don't have any 8.4.1 to test, but there is nothing needed; the command should be there.

Thanks
Francesco