IKE v1 Vulnerability

sbdladla1
Level 1

We are using Nessus scans for vulnerabilities, and it picked up Cisco IOS IKEv1 Packet Handling Remote Information Disclosure (cisco-sa-20160916-ikev1).

We are using Cisco ASR and ISR routers for tunneling. Must we change all the IKEv1 to IKEv2, or is there another way of handling this?

1 Reply

Philip D'Ath
VIP Alumni

If given the choice, I would change to IKEv2.  I don't see any point in continuing to use the legacy IKEv1 unless you have to.

You could also change to using certificate authentication (a bit painful to set up).

You could also simply use nice long strong random pre-shared keys.  Once you get up to 24 characters long they are almost impossible to hack.
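
For taking stock before a change like the ones discussed above, here is an added example (not part of the thread or of any Cisco tooling) that reads an IOS running-config and lists IKEv1 policies, the policies using pre-shared keys, peers whose cleartext key is shorter than the 24 characters mentioned in the reply, and any IKEv2 profiles already present. The function name `audit_ike`, the report field names and the sample configuration are assumptions made for illustration.

```python
import re

# Constructed IOS running-config excerpt (sample data, not from the thread).
SAMPLE_CONFIG = """\
crypto isakmp policy 10
 encryption aes 256
 authentication pre-share
 group 14
crypto isakmp key Sh0rtKey address 192.0.2.10
crypto isakmp key 0 qT7vLx93HmZp2RwcYd8KfNb4sJ6uEa address 198.51.100.7
crypto isakmp key 6 EXAMPLEENCRYPTEDBLOB address 203.0.113.5
crypto ikev2 profile BRANCH-PROFILE
 match identity remote address 203.0.113.20 255.255.255.255
"""

MIN_PSK_LEN = 24  # length threshold taken from the reply above

POLICY_RE = re.compile(r"^crypto isakmp policy (\d+)")
KEY_RE = re.compile(r"^crypto isakmp key (?:(0|6) )?(\S+) (?:address|hostname) (\S+)")
IKEV2_RE = re.compile(r"^crypto ikev2 profile (\S+)")

def audit_ike(config, min_len=MIN_PSK_LEN):
    """Summarise IKEv1/IKEv2 usage and flag short cleartext pre-shared keys."""
    report = {"ikev1_policies": [], "psk_policies": [], "short_psk_peers": [],
              "encrypted_psk_peers": [], "ikev2_profiles": []}
    policy = None  # IKEv1 policy whose indented sub-commands we are inside
    for line in config.splitlines():
        if not line.startswith(" "):
            policy = None  # a top-level command ends the previous block
        if (m := POLICY_RE.match(line)):
            policy = int(m.group(1))
            report["ikev1_policies"].append(policy)
        elif policy is not None and line.strip() == "authentication pre-share":
            report["psk_policies"].append(policy)
        elif (m := KEY_RE.match(line)):
            key_type, key, peer = m.groups()
            if key_type == "6":
                # Type 6 keys are stored encrypted, so length cannot be judged here.
                report["encrypted_psk_peers"].append(peer)
            elif len(key) < min_len:
                report["short_psk_peers"].append(peer)
        elif (m := IKEV2_RE.match(line)):
            report["ikev2_profiles"].append(m.group(1))
    return report

if __name__ == "__main__":
    for field, values in audit_ike(SAMPLE_CONFIG).items():
        print(f"{field}: {values}")
```

Peers listed under `encrypted_psk_peers` need their key length checked against wherever the original key is recorded, since the stored form does not reveal it.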
