Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1051
Views
0
Helpful
1
Replies

Cisco router IKEv1 to IKEv2 migration

Go to solution
fsebera
Level 4
Level 4

‎12-09-2020 07:23 AM - edited ‎12-10-2020 05:07 AM

 

 

We are about to start migrating some Cisco network IOS router point-to-point static VPN links from IKEv1 to IKEv2. We have an established QoS and MTU policy that is hard set to the exact values for remote end client routers. The question is - Can we expect the overhead (packet size) of IKEv2 to be larger especially when combined-mode AES-GCM encryption or AES-CBC-256 and Integrity SHA384 is used? 

 

Simply stated:

If the packet size across the point-to-point VPN is always 1490 with all overhead included and we change from IKEv1 to IKEv2 with GCM or AES/SHA will the packet size change?

 

Thank you

Frank

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
fsebera
Level 4
Level 4

‎12-10-2020 07:54 AM

 

..... And the answer is yes ............... smaller.

Tks

Frank

View solution in original post

0 Helpful
1 Reply 1

Go to solution
fsebera
Level 4
Level 4

‎12-10-2020 07:54 AM

 

..... And the answer is yes ............... smaller.

Tks

Frank

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents