IKEv1 vs. IKEv2 Tidbit

I want to do a brief IKEv1 versus IKEv2 comparison to hit on a few differences between the two & provide an overview of the exchange process for each.


IKEv1 can operate in two different modes for Phase 1: Main Mode & Aggressive Mode

  • Main Mode uses 6 messages between the initiator & responder; the peer identities & authentication hashes only go across in messages 5 & 6, which are already encrypted under the freshly negotiated ISAKMP SA

  • Aggressive Mode uses 3 messages between the two (less secure: the identities & the PSK-derived HASH_R are sent in the clear, so a captured exchange can be attacked offline to recover a weak pre-shared key)

  • IKEv1 has no built-in acknowledgment or sequencing of messages, so retransmission & reliability are left to each implementation, & it has no native EAP support (authentication is limited to pre-shared key, RSA signatures & public-key encryption)

IKEv2 needs only 4 messages (an IKE_SA_INIT request/response followed by an IKE_AUTH request/response) to create the IKE SA & the first Child SA; there is no separate Phase 1 & Phase 2. To hit on a few benefits:

  • Exchanges are acknowledged & sequenced: every request carries a Message ID & expects a response with the same ID, & the initiator retransmits until it gets one

  • Built-in NAT-Traversal support (NAT detection is done with notify payloads in IKE_SA_INIT, no vendor-ID negotiation needed)

  • Supports EAP & asymmetric authentication, so each side can authenticate differently (e.g. a certificate on the gateway & EAP on the remote client)

  • More reliable: a single exchange model instead of Main/Aggressive/Quick modes, plus a defined liveness check over the INFORMATIONAL exchange
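To make the differences above concrete on the wire, here is an added example (not code from the original post) that decodes the 28-byte ISAKMP/IKE header both versions share & uses the Version, Exchange Type, Flags, Next Payload & Message ID fields to tell Main Mode, Aggressive Mode & IKEv2 traffic apart. The sample headers are constructed here for illustration (payload bodies omitted); the field values & payload/exchange-type numbers are the ones from RFC 2408/2409 & RFC 7296.

```python
"""Decode the 28-byte ISAKMP/IKE header that IKEv1 and IKEv2 share, and
use the version, exchange-type, flags and Message ID fields to tell
Main Mode, Aggressive Mode and IKEv2 traffic apart on the wire."""
import struct
from dataclasses import dataclass
from typing import List, Optional, Set

# RFC 2408 / RFC 7296 fixed header: Initiator SPI, Responder SPI, Next Payload,
# Version (major<<4 | minor), Exchange Type, Flags, Message ID, Length.
HDR = struct.Struct("!8s8sBBBBII")

IKEV1_EXCHANGES = {2: "Main Mode", 4: "Aggressive Mode", 5: "Informational", 32: "Quick Mode"}
IKEV2_EXCHANGES = {34: "IKE_SA_INIT", 35: "IKE_AUTH", 36: "CREATE_CHILD_SA", 37: "INFORMATIONAL"}

IKEV1_FLAG_ENCRYPTION = 0x01   # E bit: payloads after the header are under the ISAKMP SA
IKEV2_FLAG_INITIATOR = 0x08
IKEV2_FLAG_RESPONSE = 0x20
IKEV2_PAYLOAD_SK = 46          # Encrypted and Authenticated payload


@dataclass(frozen=True)
class IkeHeader:
    version: str              # "IKEv1" or "IKEv2"
    exchange: str
    message_id: int
    length: int
    encrypted: bool           # everything after the header is protected
    response: Optional[bool]  # IKEv2 only; IKEv1 has no request/response bit


def parse_ike_header(data: bytes) -> IkeHeader:
    """Parse the fixed header; raise ValueError on anything not recognised."""
    if len(data) < HDR.size:
        raise ValueError("truncated IKE header")
    _ispi, _rspi, next_payload, ver, xchg, flags, msg_id, length = HDR.unpack_from(data)
    major = ver >> 4
    if major == 1:
        if xchg not in IKEV1_EXCHANGES:
            raise ValueError(f"unknown IKEv1 exchange type {xchg}")
        # IKEv1 marks protected messages with the E bit: Main Mode sets it from
        # message 5 onward, Aggressive Mode never sets it in its three messages.
        return IkeHeader("IKEv1", IKEV1_EXCHANGES[xchg], msg_id, length,
                         encrypted=bool(flags & IKEV1_FLAG_ENCRYPTION), response=None)
    if major == 2:
        if xchg not in IKEV2_EXCHANGES:
            raise ValueError(f"unknown IKEv2 exchange type {xchg}")
        # IKEv2 wraps everything after IKE_SA_INIT in an SK payload, and every
        # message states whether it is a request or a response.
        return IkeHeader("IKEv2", IKEV2_EXCHANGES[xchg], msg_id, length,
                         encrypted=(next_payload == IKEV2_PAYLOAD_SK),
                         response=bool(flags & IKEV2_FLAG_RESPONSE))
    raise ValueError(f"unsupported IKE major version {major}")


def unanswered_requests(headers: List[IkeHeader]) -> Optional[Set[int]]:
    """Message IDs of IKEv2 requests that never got a matching response.
    Returns None for IKEv1 traffic: it carries no response flag, so there is
    no protocol-level acknowledgment to check."""
    if any(h.version == "IKEv1" for h in headers):
        return None
    requests = {h.message_id for h in headers if not h.response}
    responses = {h.message_id for h in headers if h.response}
    return requests - responses


def _hdr(rspi: bytes, next_payload: int, version: int, xchg: int, flags: int, msg_id: int) -> bytes:
    """Build a header-only sample (payload bodies omitted, so Length is 28)."""
    return HDR.pack(b"\x11" * 8, rspi, next_payload, version, xchg, flags, msg_id, HDR.size)


# Constructed sample headers (not captured traffic) for one Main Mode, one
# Aggressive Mode and one IKEv2 initial exchange.
# Next Payload values: IKEv1 SA=1, ID=5; IKEv2 SA=33, SK=46.
ZERO_SPI, R_SPI = b"\x00" * 8, b"\x22" * 8
MAIN_MODE_MSG1 = _hdr(ZERO_SPI, 1, 0x10, 2, 0x00, 0)                 # HDR, SA
MAIN_MODE_MSG5 = _hdr(R_SPI, 5, 0x10, 2, IKEV1_FLAG_ENCRYPTION, 0)   # HDR*, IDii, HASH_I
AGGRESSIVE_MSG2 = _hdr(R_SPI, 1, 0x10, 4, 0x00, 0)                   # HDR, SA, KE, Nr, IDir, HASH_R in clear
IKEV2_SA_INIT_REQ = _hdr(ZERO_SPI, 33, 0x20, 34, IKEV2_FLAG_INITIATOR, 0)
IKEV2_SA_INIT_RESP = _hdr(R_SPI, 33, 0x20, 34, IKEV2_FLAG_RESPONSE, 0)
IKEV2_AUTH_REQ = _hdr(R_SPI, 46, 0x20, 35, IKEV2_FLAG_INITIATOR, 1)  # SK{IDi, AUTH, ...}
IKEV2_AUTH_RESP = _hdr(R_SPI, 46, 0x20, 35, IKEV2_FLAG_RESPONSE, 1)

if __name__ == "__main__":
    for raw in (MAIN_MODE_MSG1, MAIN_MODE_MSG5, AGGRESSIVE_MSG2,
                IKEV2_SA_INIT_REQ, IKEV2_SA_INIT_RESP, IKEV2_AUTH_REQ, IKEV2_AUTH_RESP):
        print(parse_ike_header(raw))
    print("unanswered:", unanswered_requests([parse_ike_header(IKEV2_SA_INIT_REQ)]))
```

The parser only reads the fixed header, which is all you need to spot Aggressive Mode (exchange type 4 with the E bit never set on the identity-carrying message) or to pair IKEv2 requests with responses by Message ID; feed it the UDP/500 or UDP/4500 payloads from a capture (skip the 4-byte non-ESP marker on 4500) to triage which peers still negotiate with IKEv1.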

Understanding IKEv1 exchange overview for both Main & Aggressive Modes:

IKEv1 Main Mode versus improved IKEv2 Exchange flow:

IKEv1 is a deprecated protocol (RFC 9395 moved it to Historic status), & it is best practice to deploy new solutions on IKEv2. To understand more about the IKEv2 exchange process see: IOS IKEv2 Debugging

Cheers!
