03-16-2023 09:40 AM
I'm tasked with upgrading an ASA-5525 L2L VPN from IKEv1 to IKEv2.
Book "Cisco ASA, 3rd edition" states on page 806 simply to use this command "#migrate l2l", and that's it.
1. is that all that is needed for this task?
2. Does the other tunnel endpoint also need to adjust its configuration for this tunnel to only use IKEv2?
Thank you.
Solved! Go to Solution.
03-16-2023 10:21 AM
1. is that all that is needed for this task? yes correct
2. Does the other tunnel endpoint also need to adjust its configuration for this tunnel to only use IKEv2?
yes that need to match both side config same.
this will ahave downtime when you migrate from v1 to v2.
Note : if you like to have more secure you can change the config after convert.
03-16-2023 10:21 AM
1. is that all that is needed for this task? yes correct
2. Does the other tunnel endpoint also need to adjust its configuration for this tunnel to only use IKEv2?
yes that need to match both side config same.
this will ahave downtime when you migrate from v1 to v2.
Note : if you like to have more secure you can change the config after convert.
03-16-2023 10:26 AM - edited 03-16-2023 10:36 AM
what you need
IKEv2 policy
IKEv2 proposal
IKEv2 tunnel-group local and remote pre-shared key
all this need to make IKEv2 work.
after migrate make sure that all above is correct.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide