IKEv2 IKEv1 Compatibility

CCertified85
Level 1

Hi all,

Please let me know: if I implement IKEv2 on a Cisco ASR 1006 router or on a firewall and set up IPsec with an IKEv1 device (Cisco router, Juniper, etc.),

will it work or not? If yes, please share a document to review it further.

Marcin Latosiewicz
Cisco Employee

Syed,

There are only a few scenarios where sharing the same SADB could be a problem, but that should no longer be a problem in the 3.10 release of ASR.

I.e., if you don't have parallel IKEv1 and IKEv2 tunnels on the same endpoint IPs you are OK, and also this should be lifted soon.

M.

I am using this IOS

asr1000rp1-adventerprisek9.03.06.02.S.152-2.S2.bin

Can you explain to me in more detail?

So 3.6.2, quite a good release.

Sure, what info are you looking for?

Please explain your statement

i.e. if you don't have parallel IKEv1 and IKEv2 tunnels on same endpoint IPs you are OK and also this should be lifted soon

Make it more simple

The Cisco device (IKEv2) IP is, say, 1.1.1.1. I want to establish IPsec with Juniper/etc. (IKEv1), whose IP is 2.2.2.2.

Can I establish an S2S VPN between IKEv2 and IKEv1?

Syed,

IKEv1 and v2 standards are not interoperable, if that's what you're looking for.

You can have, on a single device, tunnels with both IKEv1 and IKEv2 peers (there is no problem with that, with the restriction from my initial post), but do not expect IKEv2-only configuration to be able to terminate IKEv1 negotiation.

ASR or ISR G2 are able to handle IKEv2 and IKEv1 configuration at the same time.

You can have your connectivity towards IKEv2 and IKEv1 peers.

M.

Thanks

alishaikh.n
Level 1

Hi all,

Please let me know: if I implement IKEv1 on a Cisco ASA firewall and set up IPsec with IKEv2 on a Sophos firewall,

will it establish an IPsec tunnel or not? If yes, please share a document to review it further.

No, you cannot establish a tunnel between an IKEv1 and IKEv2 peer. Both sides need to have the same protocol enabled.
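When a tunnel between two vendors will not come up, the version mismatch described in this thread is visible in the first IKE packet: the fixed 28-byte header defined in RFC 2408 (IKEv1) and RFC 7296 (IKEv2) carries the major version in the high nibble of byte 17. The following is an added example, not part of the original thread or any vendor tool; the function names and the header-only sample packets are constructed for illustration.

```python
import struct

# Fixed 28-byte header shared by ISAKMP/IKEv1 (RFC 2408) and IKEv2 (RFC 7296):
# initiator SPI, responder SPI, next payload, version, exchange type,
# flags, message ID, total length.
IKE_HDR = struct.Struct("!8s8sBBBBII")

# Exchange types 2 and 4 open IKEv1 phase 1; 34 opens IKEv2.
EXCHANGES = {2: "Main Mode", 4: "Aggressive Mode", 34: "IKE_SA_INIT"}


def ike_version(datagram: bytes, udp_port: int = 500) -> dict:
    """Decode the IKE version and exchange from one captured UDP payload."""
    if udp_port == 4500:
        # NAT-T: IKE on UDP 4500 starts with a 4-byte all-zero non-ESP marker.
        if datagram[:4] != bytes(4):
            raise ValueError("ESP-in-UDP packet, not IKE")
        datagram = datagram[4:]
    if len(datagram) < IKE_HDR.size:
        raise ValueError("shorter than the 28-byte IKE header")
    _ispi, rspi, _np, ver, exch, _fl, _mid, length = IKE_HDR.unpack_from(datagram)
    return {
        "major": ver >> 4,                  # 1 = IKEv1, 2 = IKEv2
        "minor": ver & 0x0F,
        "exchange": EXCHANGES.get(exch, f"type {exch}"),
        "first_message": rspi == bytes(8),  # responder SPI is zero in the opener
        "length": length,
    }


def compatible(local_majors: set, datagram: bytes) -> bool:
    """True if a device with these IKE major versions configured can answer."""
    return ike_version(datagram)["major"] in local_majors


def sample(version: int, exchange: int, flags: int = 0) -> bytes:
    """Constructed header-only packet (no payloads), for demonstration only."""
    return IKE_HDR.pack(b"\x11" * 8, bytes(8), 0, version, exchange,
                        flags, 0, IKE_HDR.size)


V1_INIT = sample(0x10, 2)        # constructed IKEv1 Main Mode opener
V2_INIT = sample(0x20, 34, 0x08)  # constructed IKEv2 IKE_SA_INIT, initiator flag

if __name__ == "__main__":
    for name, pkt in (("IKEv1 peer", V1_INIT), ("IKEv2 peer", V2_INIT)):
        info = ike_version(pkt)
        print(name, info, "IKEv2-only device can answer:", compatible({2}, pkt))
```

Running this against the UDP payload of the first packet from each side of a failing tunnel shows immediately whether the two peers are configured for the same IKE version.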