Cisco Cisco ASA 5585-X Adaptive Security Appliance 문제 해결 가이드

Contributed by Herbert Baerten, Atri Basu, and Gori Dawodu, Cisco
TAC Engineers.
Feb 25, 2013

Introduction
 Prerequisites
      Requirements
      Components Used
      Conventions

Why Migrate to IKEv2?
Migration Overview
 Migration Process
      Configuration
      IKEv2 Tunnel Establishment Verification
      PSK Verification After Migration
 IKEv2 and Tunnel Manager Process
      IKEv2 to IKEv1 Fallback Mechanism
 Harden IKEv2
 Related Information

This document provides information about IKEv2 and the migration process from IKEv1.

Ensure that you have a Cisco ASA Security Appliance that runs IPsec with the IKEv1 Pre−shared key (PSK)
authentication method, and ensure the IPsec tunnel is in the operational state.

For an example configuration of a Cisco ASA Security Appliance that runs IPsec with IKEv1 PSK
authentication method, refer to PIX/ASA 7.x and above: PIX−to−PIX VPN Tunnel Configuration Example.

The information in this document is based on these hardware and software versions.

Cisco ASA 5510 Series Security Appliance that runs with version 8.4.x and later.

• 

The information in this document was created from the devices in a specific lab environment. All of the
devices used in this document started with a cleared (default) configuration. If your network is live, make sure
that you understand the potential impact of any command.