IKEv1/v2/IOS/ASA Cheatsheet

Greetings fellow networkers.

This is a cheat sheet to cross reference the differences between the two versions of IKE as implemented on Cisco IOS and ASA.

I used Crypto Maps with pre-shared authentication as the reference example because Virtual Tunnel Interfaces are fairly new on the ASA and I wanted a broadly applicable baseline. Applying these to tunnel interfaces is a simple matter of replacing the crypto map with an IPsec profile and calling that under your tunnel interface.

IKEv2 is not cast in the best light here based on the additional configuration in the example, but understand it has an enormous amount of flexibility and maintains a consistent configuration syntax and workflow for all of the VPN permutations compared to IKEv1, where things were bolted on over time. Additionally, you need IKEv2 to utilize next-generation crypto suites. There’s really no reason to use IKEv1 in new deployments.

Best wishes,

-s

6 thoughts on “IKEv1/v2/IOS/ASA Cheatsheet”

  1. Once I’m done making all these videos on how to set up a PKI we’ll have an Elliptic curve CA set up in the lab, and we’ll play with some Next-gen Encryption for IKEv2.

  2. I would like to ask one question:
    if we want to configure IKEv2 on ASA with AnyConnect and ISE, then what would be the
    vpn-tunnel-protocol… (ikev2,ssl-client,ssl-clientless)?
    I'm a bit confused.
