Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

How does ikev1, ikev2 relate to older ipsec/isakmp?

I am connected a site-to-site VPN, with one old ASA version 7.8, and one new ASA, version 8.4.

I am getting very confused about how the new nomenclature relates to the old.

Is ikev1 the same as isakmp in the commands?  Is ikev2 like the old IPSec commands?

Thanks.

Everyone's tags (4)
2 ACCEPTED SOLUTIONS

Accepted Solutions
New Member

How does ikev1, ikev2 relate to older ipsec/isakmp?

So on two new ASAs, you can connect isakmp and IPsec on IKEv1, OR  connect isakmp and IPsec on Ikev2.

You would never mix Ikev1 and ikev2 on a single connection, right?

thanks.

How does ikev1, ikev2 relate to older ipsec/isakmp?

You got it now,

You would never mix Ikev1 and ikev2 on a single connection, right?

Exactly, they can work only if both sides match ( no interopability )

Regards,

Julio

Remember to rate all of the helpful posts.

For this community that's as important as a thanks.

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
5 REPLIES

How does ikev1, ikev2 relate to older ipsec/isakmp?

Hello Jimmy,

As you saw the commands required for the configuration indeed change,

Now why is this? Well because we know support IKEv1 and IKEv2,

The one you are using right now ( as you are connecting a site to a site running 7.8 ) is IKEv1,

The commands you have on the ASA with 7.8 are equivalent to IKEv1,

Now when we talk about the IKEv2 protocol: It's a new protocol an improvement

http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a0080bca116.shtml

Remember to rate all of the helpful posts.

For this community that's as important as a thanks.

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
New Member

How does ikev1, ikev2 relate to older ipsec/isakmp?

The old way of talking about the process was two phases; isakmp and IPsec.

Were both of those Ikev1 ?

If I have two new ASA and connect them, is Ikev1 every used?

Would you still use the terms isakmp and IPSec?

thanks.

How does ikev1, ikev2 relate to older ipsec/isakmp?

Hello Jimmy,

You got it Both of them were Ikev1

If I have two new ASA and connect them, is Ikev1 every used? Yes, as long as you configure Ikev1 right ( we know can use ikev2 as well)

Would you still use the terms isakmp and IPSec? Yes, Ikev1 is built of 2 phases:

1- Isakmp

2-Ipsec

Same thing

Remember to rate all of the helpful posts.

For this community that's as important as a thanks.

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
New Member

How does ikev1, ikev2 relate to older ipsec/isakmp?

So on two new ASAs, you can connect isakmp and IPsec on IKEv1, OR  connect isakmp and IPsec on Ikev2.

You would never mix Ikev1 and ikev2 on a single connection, right?

thanks.

How does ikev1, ikev2 relate to older ipsec/isakmp?

You got it now,

You would never mix Ikev1 and ikev2 on a single connection, right?

Exactly, they can work only if both sides match ( no interopability )

Regards,

Julio

Remember to rate all of the helpful posts.

For this community that's as important as a thanks.

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
6910
Views
12
Helpful
5
Replies
CreatePlease to create content