
ASA 5525 command "#migrate l2l" -- only one endpoint needs this command?

I'm tasked with upgrading an ASA-5525 L2L VPN from IKEv1 to IKEv2.

Book "Cisco ASA, 3rd edition" states on page 806 simply to use this command "#migrate l2l", and that's it.

1. Is that all that is needed for this task?

2. Does the other tunnel endpoint also need to adjust its configuration for this tunnel to only use IKEv2?

Thank you.

 

Accepted Solutions

balaji.bandi
Hall of Fame

1. Is that all that is needed for this task? Yes, correct.

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/113597-ptn-113597.html

2. Does the other tunnel endpoint also need to adjust its configuration for this tunnel to only use IKEv2?

Yes, the config needs to match on both sides.

This will have downtime when you migrate from v1 to v2.

Note: if you would like it to be more secure, you can change the config after the conversion.

 

BB


2 Replies

What you need:
IKEv2 policy
IKEv2 proposal
IKEv2 tunnel-group local and remote pre-shared key
All of this is needed to make IKEv2 work.

After the migration, make sure that all of the above is correct.
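
The checklist in the last reply can be verified offline against a saved `show running-config`. The Python script below is an added example, not part of the original thread or any Cisco tool; the sample config, peer address and object names are constructed, and the patterns assume standard ASA 9.x CLI syntax. It also lists IKEv1 lines still present, which bears on the question of the tunnel using only IKEv2.

```python
import re

# Constructed sample of a post-migration `show running-config` excerpt
# (names, addresses and masked keys are made up for illustration).
SAMPLE_CONFIG = """\
crypto ipsec ikev1 transform-set ESP-AES256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev2 ipsec-proposal AES256-SHA
 protocol esp encryption aes-256
 protocol esp integrity sha-1
crypto map outside_map 10 match address VPN-ACL
crypto map outside_map 10 set peer 203.0.113.2
crypto map outside_map 10 set ikev1 transform-set ESP-AES256-SHA
crypto map outside_map 10 set ikev2 ipsec-proposal AES256-SHA
crypto ikev2 policy 10
 encryption aes-256
 integrity sha
 group 14
crypto ikev2 enable outside
crypto ikev1 enable outside
tunnel-group 203.0.113.2 type ipsec-l2l
tunnel-group 203.0.113.2 ipsec-attributes
 ikev1 pre-shared-key *****
 ikev2 remote-authentication pre-shared-key *****
 ikev2 local-authentication pre-shared-key *****
"""

# Items from the reply's checklist, plus the lines that bind them to the tunnel.
REQUIRED = {
    "IKEv2 policy": r"^crypto ikev2 policy \d+",
    "IKEv2 proposal": r"^crypto ipsec ikev2 ipsec-proposal \S+",
    "IKEv2 proposal bound to crypto map": r"^crypto map \S+ \d+ set ikev2 ipsec-proposal \S+",
    "IKEv2 enabled on an interface": r"^crypto ikev2 enable \S+",
    "IKEv2 local pre-shared key": r"^ ikev2 local-authentication pre-shared-key ",
    "IKEv2 remote pre-shared key": r"^ ikev2 remote-authentication pre-shared-key ",
}
# Lines that keep the tunnel able to negotiate IKEv1.
LEFTOVER_V1 = r"^(crypto ikev1 enable |crypto map \S+ \d+ set ikev1 | ikev1 pre-shared-key )"

def audit(config: str):
    """Return (missing IKEv2 items, leftover IKEv1 lines) for a running-config."""
    missing = [name for name, pat in REQUIRED.items()
               if not re.search(pat, config, re.M)]
    leftover = [l.strip() for l in config.splitlines() if re.match(LEFTOVER_V1, l)]
    return missing, leftover

if __name__ == "__main__":
    missing, leftover = audit(SAMPLE_CONFIG)
    print("missing IKEv2 items:", missing or "none")
    print("IKEv1 lines still present:", leftover or "none")
```

The pre-shared-key checks are config-wide rather than per tunnel-group, so on a device with several peers each `tunnel-group ... ipsec-attributes` stanza still needs to be reviewed individually.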