Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5470
Views
0
Helpful
8
Replies

IKEV2 IKEV1 Compatibilty

Go to solution
CCertified85
Level 1
Level 1

‎01-30-2013 08:46 PM

Hi all,

Please let me know  if i implement IKE V2 on Cisco ASR 1006 Router or on firewall and sets up IPsec with IKEv1 device ( Cisco Router , Juniper etc )

will it work or not ? If yes , please share document to review it further 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marcin Latosiewicz
Cisco Employee
Cisco Employee
In response to CCertified85

‎01-30-2013 09:19 PM

Syed,

IKEv1 and v2 standards are not interoperable, if that's what you're looking for.

You can have, on a single device, tunnels with both IKEv1 and IKEv2 peers (there is no problem with that, with the restriction from my initial post), but do not expect IKEv2-only configuration to be able to terminate IKEv1 negotiation.

ASR or ISR G2 are able to handle IKEv2 and IKEv1 configuration at the same time.

You can have your connectivity towards IKEv2 and IKEv1 peers.

M.

View solution in original post

0 Helpful
8 Replies 8

Go to solution
Marcin Latosiewicz
Cisco Employee
Cisco Employee

‎01-30-2013 08:52 PM

Syed,

There are only a few scenarios where sharing same SADB could be a problem - but that should no longer be a problem in 3.10 release of ASR.

i.e. if you don't have parallel IKEv1 and IKEv2 tunnels on same endpoint IPs you are OK and also this should be lifted soon.

M.

0 Helpful

Go to solution
CCertified85
Level 1
Level 1
In response to Marcin Latosiewicz

‎01-30-2013 08:55 PM

I am using this IOS

asr1000rp1-adventerprisek9.03.06.02.S.152-2.S2.bin

Can you explain me in more detail

0 Helpful

Go to solution
Marcin Latosiewicz
Cisco Employee
Cisco Employee
In response to CCertified85

‎01-30-2013 09:08 PM

So 3.6.2, quite a good release.

Sure, what info are you looking for?

0 Helpful

Go to solution
CCertified85
Level 1
Level 1
In response to Marcin Latosiewicz

‎01-30-2013 09:13 PM

Please explain your statement

i.e. if you don't have parallel IKEv1 and IKEv2 tunnels on same endpoint IPs you are OK and also this should be lifted soon

Make it more simple

Cisco Device (IKEV2) IP is say 1.1.1.1    i want to establish IPSec with Juniper/etc (IkeV1)   IP is 2.2.2.2

can i establish S2S VPN between IKEV2 and IKEV1

0 Helpful

Go to solution
Marcin Latosiewicz
Cisco Employee
Cisco Employee
In response to CCertified85

‎01-30-2013 09:19 PM

Syed,

IKEv1 and v2 standards are not interoperable, if that's what you're looking for.

You can have, on a single device, tunnels with both IKEv1 and IKEv2 peers (there is no problem with that, with the restriction from my initial post), but do not expect IKEv2-only configuration to be able to terminate IKEv1 negotiation.

ASR or ISR G2 are able to handle IKEv2 and IKEv1 configuration at the same time.

You can have your connectivity towards IKEv2 and IKEv1 peers.

M.

0 Helpful

Go to solution
CCertified85
Level 1
Level 1
In response to Marcin Latosiewicz

‎01-30-2013 09:24 PM

Thanks

0 Helpful

Go to solution
alishaikh.n
Level 1
Level 1

‎04-04-2018 01:48 AM

Hi all,

 

Please let me know  if i implement IKE V1 on Cisco ASA firewall and on Sophos firewall sets up IPsec with IKEv2

 

will it establish IPsec tunnel or not ? If yes , please share document to review it further 

0 Helpful

Go to solution
Rahul Govindan
VIP Alumni
VIP Alumni
In response to alishaikh.n

‎04-04-2018 06:21 AM

No, you cannot establish tunnel between an IKEv1 and IKEv2 peer. Both sides need to have the same protocol enabled.
0 Helpful
Customers Also Viewed These Support Documents