Difference Between IKEv1 and IKEv2

IKEv1 vs IKEv2

“IKE,” which stands for “Internet Key Exchange,” is a protocol in the IPsec protocol suite. It is responsible for setting up the security associations that allow two parties to send data securely. IKE was introduced in 1998 and was superseded by version 2 roughly 7 years later. There are a number of differences between IKEv1 and IKEv2, not the least of which is the reduced bandwidth requirement of IKEv2. Freeing up bandwidth is always a good thing, as the extra bandwidth can be used for the transmission of data.

Another difference between IKEv1 and IKEv2 is the inclusion of EAP authentication in the latter. IKEv1 does not support EAP and can only choose between pre-shared key and certificate authentication, both of which IKEv2 also supports. EAP is essential in connecting with existing enterprise authentication systems. IKEv2 also introduces MOBIKE, a feature not found in IKEv1. MOBIKE allows IKEv2 to be used on mobile platforms like phones and by users with multi-homed setups.

Another difference between IKEv1 and IKEv2 is the incorporation of NAT traversal in the latter. NAT traversal is necessary when a router along the route performs Network Address Translation. This is when a router captures the packets sent and modifies the destination address on the packets. This is typical when multiple users share the same Internet connection and therefore the same IP address. It is not a problem for ordinary activities like browsing, but it can be a significant problem when IPsec is needed. That is why IKEv2 has a significant advantage over IKEv1.
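The following added example (not part of the original article) shows how IKEv2's built-in NAT detection works: each peer sends a SHA-1 digest of the SPIs plus the address and port it believes it is using, as RFC 7296 section 2.23 specifies, and the receiver recomputes the digest from what it actually sees on the wire. The function names, SPI and addresses are constructed for illustration.

```python
import hashlib
import ipaddress
import struct

def nat_detection_hash(spi_i: bytes, spi_r: bytes, ip: str, port: int) -> bytes:
    """SHA-1 over SPIi | SPIr | IP address | port (RFC 7296, section 2.23)."""
    if len(spi_i) != 8 or len(spi_r) != 8:
        raise ValueError("IKE SPIs are 8 bytes each")
    addr = ipaddress.ip_address(ip).packed  # 4 bytes for IPv4, 16 for IPv6
    return hashlib.sha1(spi_i + spi_r + addr + struct.pack("!H", port)).digest()

def detect_nat(spi_i, spi_r, claimed_src_hash, claimed_dst_hash, seen_src, seen_dst):
    """Receiver-side check: compare the sender's digests with the digests of
    the addresses and ports observed in the IP/UDP headers of the packet."""
    peer_nat = nat_detection_hash(spi_i, spi_r, *seen_src) != claimed_src_hash
    local_nat = nat_detection_hash(spi_i, spi_r, *seen_dst) != claimed_dst_hash
    return {
        "peer_behind_nat": peer_nat,
        "local_behind_nat": local_nat,
        # Either mismatch moves the exchange to UDP port 4500 with
        # UDP-encapsulated ESP so the translated flow keeps working.
        "use_udp_encap": peer_nat or local_nat,
    }

def demo():
    # Constructed sample values (documentation and private address ranges).
    spi_i = bytes.fromhex("1122334455667788")
    spi_r = bytes(8)                      # responder SPI is zero in the first request
    initiator = ("192.168.1.10", 500)     # what the initiator believes it sends from
    responder = ("198.51.100.20", 500)
    nat_mapped = ("203.0.113.7", 32768)   # source after translation by a NAT device

    src_hash = nat_detection_hash(spi_i, spi_r, *initiator)
    dst_hash = nat_detection_hash(spi_i, spi_r, *responder)

    # Responder's view when a NAT device sits in the path, and when it does not.
    via_nat = detect_nat(spi_i, spi_r, src_hash, dst_hash, nat_mapped, responder)
    direct = detect_nat(spi_i, spi_r, src_hash, dst_hash, initiator, responder)
    return via_nat, direct

if __name__ == "__main__":
    for label, result in zip(("via NAT", "direct"), demo()):
        print(label, result)
```

When reviewing firewall rules for an IKEv2 deployment, this is why both UDP 500 and UDP 4500 need to be permitted between peers that may sit behind NAT.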

Lastly, IKEv2 has been improved so that it is able to detect whether the tunnel is still alive or not. This is commonly referred to as a “liveness” check. If the liveness check fails because the tunnel has broken down, IKEv2 is then able to re-establish the connection automatically. IKEv1 does not have this ability and simply assumes that the connection is always up, which has quite an impact on reliability. There are several workarounds for IKEv1, but these are not standardized.

Summary:

1. IKEv2 does not consume as much bandwidth as IKEv1.
2. IKEv2 supports EAP authentication while IKEv1 doesn’t.
3. IKEv2 supports MOBIKE while IKEv1 doesn’t.
4. IKEv2 has built-in NAT traversal while IKEv1 doesn’t.
5. IKEv2 can detect whether a tunnel is still alive while IKEv1 cannot.
