Advantages of IKEv2 over IKEv1

11/09/2020 3 6509

DESCRIPTION:

This article explains the advantages of using the IKEv2 over IKEv1.

RESOLUTION:

IKEv2 provides the following benefits over IKEv1:

• In IKEv2 Tunnel endpoints exchange fewer messages to establish a tunnel. IKEv2 uses four messages; IKEv1 uses either six messages (in the main mode) or three messages (in aggressive mode).
• IKEv2 has Built-in NAT-T functionality which improves compatibility between vendors.
• IKEv2 supports EAP authentication.
• IKEv2 has the Keep Alive option enabled as default.
• IKEv2 Supports Mobility and Multi-homing Protocol (MOBIKE) making it more stable. 

  The Mobility and Multi-homing Protocol (MOBIKE) for IKEv2 provide the ability for maintaining a VPN session, when a user moves from one IP address to another, without the need for re-establishing IKE security associations with the gateway. For example, a user could establish a VPN tunnel while using a fixed Ethernet connection in the office. MOBIKE allows the user to disconnect the laptop and move to the office's wireless LAN without interrupting the VPN session.

  MOBIKE operation is transparent and does not require any extra configuration by you or consideration by users.
• Security Associations in IKEv2 are called Child SAs and can be created, modified, and deleted independently at any time during the life of the VPN tunnel.
• IKEv2 reduces the number of Security Associations required per tunnel, thus reducing required bandwidth as VPNs grow to include more and more tunnels between multiple nodes or gateways, 
• IKEv2 is more reliable as all message types are defined as Request and Response pairs.
• IKEv2 supports Asymmetric authentication

Please follow the link for configuring the Site to Site VPN using IKEv2: Steps to configure setup Site to Site VPN with IKEv2