ASA 8.4.1 l2l ike v1 or v2

muellertobias
Level 1

I've been tasked at work to implement a couple of site-to-site VPN tunnels.

My question here is: which is better, IKEv1 or IKEv2? Do they operate independently of each other (what I mean is, can I choose to use either IKEv1 or IKEv2)?

I set up my first L2L tunnel the other day using a 5505 to a 5510. I followed the official 8.4 documentation, and it doesn't really say which one to use. So I just followed the whole thing through with both v1 and v2 in my config.

The tunnel comes up and works just fine but is using IKEv1.

Many questions... and thank you for the replies.

Pavel Pokorny
Level 1

Hi,

I think the answer about independence is in this guide:

http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/vpn_site2site.html#wp1055829

Here is something about IKEv2:

https://supportforums.cisco.com/community/netpro/security/vpn/blog/2010/12/22/ike-version-2-at-a-glance

I think that for my purposes IKEv1 is OK (at this moment). But the first thing to mention: IKEv2 is not supported by all devices; it's a new thing.

So you have to check with the other side whether IKEv2 is supported by their box.

HTH

Pavel

The problem I am having is that the official doc for 8.4 is confusing. They lump IKEv1 and IKEv2 together in one example, so it looks like you have to configure them together.

Both my devices are Cisco ASAs running 8.4.1.

I can get IKEv1 to work, but I can't get IKEv2 to work (leaving out the IKEv1 commands), following their config examples.

Since IKEv2 is the future and both my devices can run it, I would prefer to have v2 working.

Hi,

I haven't tested this yet, but I have found an example for myself, which I'm going to use in my testing.

https://supportforums.cisco.com/community/netpro/security/vpn/blog/tags/vpn

HTH

Pavel

Well, I ended up getting IKEv1 and v2 to work. Looks like the official config guide was missing the ikev2 remote-authentication pre-shared-key.

I posted this message on another forum and a user there was able to help me out.

Thanks
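
Added example, not part of the thread or of Cisco's documentation: a small Python check that reads ASA running-config text and reports L2L peers whose crypto map offers IKEv2 while the tunnel-group lacks the IKEv2 pre-shared-key lines, the gap the last post describes. The function name `audit_ikev2`, the map and proposal names, and the sample config are constructed for illustration; `ikev2 local-authentication` is not mentioned in the thread and is included as the ASA counterpart of the remote-authentication command.

```python
import re
from collections import defaultdict

# Constructed sample (documentation addresses, masked keys), not from the thread.
SAMPLE_CONFIG = """\
crypto map OUTSIDE_MAP 10 set peer 203.0.113.2
crypto map OUTSIDE_MAP 10 set ikev1 transform-set ESP-AES-SHA
crypto map OUTSIDE_MAP 10 set ikev2 ipsec-proposal AES256
crypto map OUTSIDE_MAP 20 set peer 198.51.100.7
crypto map OUTSIDE_MAP 20 set ikev2 ipsec-proposal AES256
tunnel-group 203.0.113.2 type ipsec-l2l
tunnel-group 203.0.113.2 ipsec-attributes
 ikev1 pre-shared-key *****
tunnel-group 198.51.100.7 type ipsec-l2l
tunnel-group 198.51.100.7 ipsec-attributes
 ikev2 remote-authentication pre-shared-key *****
 ikev2 local-authentication pre-shared-key *****
"""

# Assumption: both IKEv2 authentication lines are expected under ipsec-attributes.
REQUIRED = ("ikev2 remote-authentication", "ikev2 local-authentication")

def audit_ikev2(config):
    """Return {peer: [missing ikev2 auth commands]} for peers offered IKEv2."""
    peers, v2_entries = {}, set()
    attrs, current = defaultdict(list), None
    for line in config.splitlines():
        m = re.match(r"crypto map (\S+) (\d+) set (peer|ikev2 ipsec-proposal) (.+)", line)
        if m:
            key = (m.group(1), m.group(2))          # (map name, sequence number)
            if m.group(3) == "peer":
                peers[key] = m.group(4).split()     # one entry may list several peers
            else:
                v2_entries.add(key)
        g = re.match(r"tunnel-group (\S+) ipsec-attributes", line)
        if g:
            current = g.group(1)                    # start of an attributes block
        elif line.startswith(" ") and current:
            attrs[current].append(line.strip())     # indented sub-command of that block
        else:
            current = None                          # any other top-level line ends it
    findings = {}
    for key in sorted(v2_entries):
        for peer in peers.get(key, []):
            missing = [c for c in REQUIRED if not any(a.startswith(c) for a in attrs[peer])]
            if missing:
                findings[peer] = missing
    return findings
```

On the constructed sample, the peer 203.0.113.2 is reported because its tunnel-group carries only an IKEv1 key, while 198.51.100.7 passes.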