Cisco ASA 5525-X Adaptive Security Appliance Troubleshooting Guide
Swift Migration of IKEv1 to IKEv2 L2L Tunnel
Configuration on ASA 8.4 Code
Document ID: 113597
Contributed by Herbert Baerten, Atri Basu, and Gori Dawodu, Cisco
TAC Engineers.
Feb 25, 2013
Contents
Introduction
Prerequisites
Requirements
Components Used
Conventions
Why Migrate to IKEv2?
Migration Overview
Migration Process
Configuration
IKEv2 Tunnel Establishment Verification
PSK Verification After Migration
IKEv2 and Tunnel Manager Process
IKEv2 to IKEv1 Fallback Mechanism
Harden IKEv2
Related Information
Introduction
This document provides information about IKEv2 and the migration process from IKEv1.
Prerequisites
Requirements
Ensure that you have a Cisco ASA Security Appliance that runs IPsec with the IKEv1 Pre-shared key (PSK)
authentication method, and ensure the IPsec tunnel is in the operational state.
For an example configuration of a Cisco ASA Security Appliance that runs IPsec with IKEv1 PSK
authentication method, refer to PIX/ASA 7.x and above: PIX-to-PIX VPN Tunnel Configuration Example.
Components Used
The information in this document is based on these hardware and software versions.
• Cisco ASA 5510 Series Security Appliance that runs with version 8.4.x and later.
The information in this document was created from the devices in a specific lab environment. All of the
devices used in this document started with a cleared (default) configuration. If your network is live, make sure
that you understand the potential impact of any command.