IPSec IKEv2

jarinoo3 · ‎02-25-2017

Hello,

I have questions about IPSec IKEv2, I have this configuration this is same as Phase 1 in IKEv1 is it true?
So, by this configuration it will create ISAKMP SA?

Why it is not mandatory to use lifetime in IKEv2 ?

Why we use this configuration? In IKEv2 we use it to secure negotiation between peers.

crypto ikev2 policy 1

encryption aes-256 3des des

integrity sha256 sha md5

group 14

prf sha

lifetime seconds 86400

crypto ikev2 enable OUTSIDE

Is this something like Ipsec phase in IKEv1?

Why we actually use this configuration when it is defined in previous? This configuration is to secure data transmition ?

crypto ipsec ikev2 ipsec-proposal VPNZABEZ

protocol esp encryption aes-256

protocol esp integrity sha-1

Thank you very much for your answers.

Philip D'Ath · ‎02-25-2017

Please please please don't use DES, 3DES, SHA-1 or MD5 in any new configs. They are deprecated.

Yes the ikev2 policy is like the ikev1 phase 1.

ikev2 proposal is like ikev1 phase 2.

The settings don't have to be the same.

jarinoo3 · ‎02-27-2017

Thanks for answer,

In IKEv2 proposal configuration is to secure data transmission??

Thanks.

Philip D'Ath · ‎02-27-2017

Yes.