IKEv1 vs. IKEv2 Tidbit

I want to do a brief IKEv1 versus IKEv2 comparison to hit on a few differences between the two & provide an overview of the exchange process for each one respectively.


IKEv1 can operate in two different modes for phase1: Main Mode & Aggressive Mode

  • Main Mode uses 6 messages between the initiator & responder

  • Aggressive Mode uses 3 messages between the two (less secure, since the peer identities are exchanged before encryption is established)

  • IKEv1 messages are not acknowledged or sequenced, so the protocol itself offers no reliability

IKEv2 needs only 4 messages (an IKE_SA_INIT request/response pair followed by an IKE_AUTH pair) to negotiate/create the first Security Association, its equivalent of IKEv1 phase1. To hit on a few benefits:

  • Exchanges are acknowledged & sequenced

  • Built in NAT-Traversal support

  • Supports EAP & asymmetric authentication

  • More reliable

[Figure: IKEv1 exchange overview for both Main & Aggressive Modes]

[Figure: IKEv1 Main Mode versus improved IKEv2 exchange flow]

IKEv1 has been obsoleted by IKEv2 (RFC 7296), so best practice is to deploy IKEv2 wherever the peers support it. To understand more about the IKEv2 exchange process see: IOS IKEv2 Debugging
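As an added example (my own code, not from the original post), the Python below decodes the 28-byte header that IKEv1 and IKEv2 share, tells the two versions and their exchange types apart, flags IKEv1 Main/Aggressive Mode on the wire, and checks the IKEv2 request/response pairing by message ID that gives the newer protocol its acknowledged, sequenced exchanges. The packets are constructed header-only samples, not a real capture.

```python
import struct

IKE_HEADER = struct.Struct("!8s8sBBBBII")  # 28-byte header shared by IKEv1 (RFC 2408) and IKEv2 (RFC 7296), big-endian
V1_EXCHANGES = {2: "Main Mode", 4: "Aggressive Mode"}
V2_EXCHANGES = {34: "IKE_SA_INIT", 35: "IKE_AUTH", 36: "CREATE_CHILD_SA", 37: "INFORMATIONAL"}
V2_FLAG_RESPONSE = 0x20  # IKEv2 "R" flag: this message answers the request carrying the same message ID

def parse_ike_header(data):
    """Decode an IKE header; the major-version nibble tells IKEv1 (1) and IKEv2 (2) apart."""
    if len(data) < IKE_HEADER.size:
        raise ValueError("truncated IKE header")
    ispi, rspi, _next, version, exch, flags, msg_id, length = IKE_HEADER.unpack_from(data)
    major = version >> 4
    if major not in (1, 2):
        raise ValueError(f"unknown IKE major version {major}")
    exchange = (V1_EXCHANGES if major == 1 else V2_EXCHANGES).get(exch, f"v{major} exchange {exch}")
    return {"version": major, "exchange": exchange, "msg_id": msg_id, "length": length,
            "ispi": ispi.hex(), "is_response": bool(flags & V2_FLAG_RESPONSE) if major == 2 else None}

def triage(packets):
    """Flag IKEv1 use (aggressive mode highest) and pair IKEv2 requests with responses by message ID."""
    findings, pending = [], {}  # pending: (initiator SPI, msg_id) -> exchange still awaiting its response
    for raw in packets:
        h = parse_ike_header(raw)
        if h["version"] == 1:
            sev = "high" if h["exchange"] == "Aggressive Mode" else "medium"
            findings.append((sev, f"IKEv1 {h['exchange']} from initiator SPI {h['ispi']}"))
        elif h["is_response"]:
            if pending.pop((h["ispi"], h["msg_id"]), None) is None:
                findings.append(("low", f"IKEv2 response msg_id={h['msg_id']} without a matching request"))
        else:
            pending[(h["ispi"], h["msg_id"])] = h["exchange"]
    for (ispi, mid), exch in pending.items():  # unanswered requests: an IKEv2 initiator retransmits these
        findings.append(("info", f"IKEv2 {exch} msg_id={mid} from {ispi} still unanswered"))
    return findings

def hdr(ispi, rspi, version, exch, flags, msg_id):  # header-only packet builder for the constructed samples
    return IKE_HEADER.pack(ispi, rspi, 0, version, exch, flags, msg_id, IKE_HEADER.size)

SAMPLE_CAPTURE = [  # constructed sample headers, not a real capture; version byte is major<<4 | minor
    hdr(b"\x01" * 8, b"\x00" * 8, 0x10, 2, 0x00, 0),   # IKEv1 Main Mode, message 1 of 6
    hdr(b"\x02" * 8, b"\x00" * 8, 0x10, 4, 0x00, 0),   # IKEv1 Aggressive Mode, message 1 of 3
    hdr(b"\x03" * 8, b"\x00" * 8, 0x20, 34, 0x08, 0),  # IKEv2 IKE_SA_INIT request (I flag, msg_id 0)
    hdr(b"\x03" * 8, b"\xaa" * 8, 0x20, 34, 0x20, 0),  # IKE_SA_INIT response: same msg_id, R flag set
    hdr(b"\x03" * 8, b"\xaa" * 8, 0x20, 35, 0x08, 1),  # IKE_AUTH request, msg_id 1, response not yet seen
]
```

Running `triage(SAMPLE_CAPTURE)` yields a medium finding for Main Mode, a high one for Aggressive Mode, nothing for the paired IKE_SA_INIT exchange, and an info entry for the still-unanswered IKE_AUTH request.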

Cheers!
