ikev1 or IKEv2 IPSec site to site connection

Question

Hi all, 
 I'm in an HO with about ten BO. site to site ipsec connections are all based on ipsec policies with IKEv1. 
 I think IKEv2 is more secure 
 do I have to migrate for security reasons to the IKEv2 version If so, is it just changing the version at the policy level or I have to create another new policy based on ikev2 
 
 Thanks

Erick Jan · Accepted Answer

Hi Fotit, 
 Thank you for reaching out to Sophos Community. 
 Using IKEv2 over IKEv1 is recommended for the IPsec profile to make sure better stability of the IPsec connection. Also, Aggressive mode isn't available for IKEv2. 
 https://support.sophos.com/support/s/article/KB-000037119?language=en_US 
 See more reference for IKEv1 vs IKEv2 
 https://support.huawei.com/enterprise/en/knowledge/EKB1000081273 
 
 Also, there&rsquo;s no need to create another policy. just change both site configurations to IKEv2 to match the policy.

ikev1 or IKEv2 IPSec site to site connection

Top Replies