Monday, February 16, 2015

IKEv2 and why we should be using it

I'm going to discuss my thoughts on IKE version 2 and the benefits of using it.

1st, what is IKE?


IKE (Internet Key Exchange) is one of the first building blocks for IPsec VPNs. It allows VPN peers to authenticate and negotiate security associations for encrypting data.

IKEv2 is supported by most modern IPsec VPN gateways. The following vendors have support for IKEv2:

  1.    Cisco
  2.    Juniper
  3.    Fortinet
  4.    SonicWall
  5.    Check Point
  6.    openstrong
  7.    pfSense
  8.    others


2nd, IKE advantages?

IKEv2 has a host of benefits over the older IKEv1.

  • resistance to IKE protocol DoS attacks, where IKEv1 was more prone and exposed to these attacks
  • supports NAT-T directly
  • more secure and quicker SA setup
  • support for SCTP
  • supports active ACKs and replies between peers
  • dual- or uni-directional authentication parameters


3rd, a few IKE VPN clients?

  • FortiClient
  • Microsoft
  • shrewnet (has not been confirmed)
  • green bow
   


Ken Felix
Freelance Network/Security Engineer
kfelix  -----a----t---- socpuppets ---dot---com

    ^    ^
=(  !   ! )=
      @
      /   \
