03-29-2011 04:58 PM
I've been tasked at work to implement a couple of site to site vpn tunnels.
My question is here is what is better IKE v1 or v2? Do they operate independently of each other (what I mean is can I choose to either use IKEv1 or v2)?
I did setup my first l2l the other day using a 5505 to a 5510 I followed the official 8.4 documentation and it doesn't really say which one to use. So I just followed the whole thing thru with both 1 and 2 in my config.
The tunnel comes up and works just fine but is using Ikev1.
Many questions... and thank you for the replies.
03-30-2011 12:44 AM
Hi,
I think in this guide is answer about independency:
http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/vpn_site2site.html#wp1055829
Here is something about IKE v2:
I think that for my purpose is (at this moment) is IKEv1 OK. But what to mention first - IKEv2 is not supported by all devices - it's new thing.
So you have to speak with other side, if IKEv2 is supported by their box.
HTH
Pavel
03-30-2011 11:14 AM
The problem I am having is the official doc for 8.4 is confusing. They lump ike v1 and v2 together in one example so it looks like you have to configure them together.
Both my devices are Cisco ASA running 8.4.1
I can get ikev1 to work but I can't get ikev2 to work (with leaving out the ikev1 commands). following their config examples
Since Ikev2 is the future and both my devices can run it I would perfer to have v2 working.
03-31-2011 11:51 PM
Hi,
I haven't tested this yet, but I have found for myself example, which I'going to use in my testing.
https://supportforums.cisco.com/community/netpro/security/vpn/blog/tags/vpn
HTH
Pavel
04-01-2011 12:09 PM
Well I ended up getting Ikev1 and v2 to work. Looks like the official config guide was missing the ikev2 remote-authentication pre-shared-key
I posted this message on another forum and a user there was able to help me out.
thanks
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide