we are using nessus scans for vulnerability it picked Cisco IOS IKEv1 Packet Handling Remote Information Disclosure (cisco-sa-20160916-ikev1).
we are using Cisco ASR and ISR routers for tunneling. must we change all the IKEv1 to IKEv2 or there's other way of handling this?
If given the choice, I would change to IKEv2. I don't see any point in continuing to use the legacy IKEv1 unless you have to.
You could also change to using certificate authentication (a bit painful to setup).
You could also simple use nice long strong random pre-shared keys. Once you get up to 24 characters long they are almost impossible to hack.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: