Greetings fellow networkers.
This is a cheat sheet to cross-reference the differences between the two versions of IKE as implemented on Cisco IOS and ASA.
I used Crypto Maps with pre-shared authentication as the reference example because Virtual Tunnel Interfaces are fairly new on the ASA and I wanted a broadly applicable baseline. Applying these to tunnel interfaces is a simple matter of replacing the crypto map with an IPsec profile and calling that under your tunnel interface.
IKEv2 is not cast in the best light here, given the additional configuration in the example, but understand that it has an enormous amount of flexibility and maintains a consistent configuration syntax and workflow for all of the VPN permutations, whereas in IKEv1 things were bolted on over time. Additionally, you need IKEv2 to use next-generation crypto suites. There’s really no reason to use IKEv1 in new deployments.
Best wishes,
-s
Nice work – thanks! It would be great to see an example using certificates vs. PSKs and throw in the next gen encryption for kicks.
Thanks Marvin! Sure! How about some ECDSA-SIG?
Sure why not? All your encryption are belong to us!
Once I’m done making all these videos on how to set up a PKI we’ll have an Elliptic curve CA set up in the lab, and we’ll play with some Next-gen Encryption for IKEv2.
I would like to ask one question:
if we want to configure IKEv2 on ASA with AnyConnect and ISE, then what would be the
vpn-tunnel-protocol… (ikev2,ssl-client,ssl-clientless)
I'm a bit confused.
What a wonderful piece of work
Thank you very much