Ike v1 or v2 #5236
Comments
|
@akalbfell thanks for the feedback, I assigned the case to the author for further review. |
|
Hello Gentlemen, IKEv2 does work between Azure and FTD but not out the box. A bit of tweaking has to take place. I have implemented 4 of these IKEv2 Tunnels in the Field with no issues. Actually, one client in particular, was trying to get away from IKEv1 since they stated they needed IKEv2 for some sort of AD integration they were attempting through the tunnel. If FTD/ASA is on the FMC already, it takes about 6-8 hours to complete tunnel, with full configuration. Otherwise, it can take longer. |
|
Also, if you want IKEv2, it has to be route-based on the Azure side, since IKEv2 is not supported on Policy-Based Azure. |
|
Thanks for the response. I should have mentioned I didn't make any changes to the parameters of the phase 1 settings when using Ikev2 route based. My issues were with default settings. |
|
Folks, The specific doc described how to use the custom IPsec/IKE policy on an Azure route-based VPN gateway to connect to Cisco ASA with access-list-based Traffic Selectors. It was called out in the beginning of the doc and also in the "Notes" section. Please let us know if there are specific issues regarding the descriptions or specifications. IKEv2 was called out in the beginning of the page. We can take it under review if the ask here is about adding a doc for Cisco ASA using IKEv1 and Azure policy-based VPN gateway. Please let us know. Otherwise, we can close or resolve this issue. Thanks, |
|
#please-close |
I had issues using route based vpn gateway and ikev2 with my ASA. Tunnel would drop, not come up, all sorts of odd things. Finally read somewhere MS doesn't support that setup for the ASA. Using policy based vpn gateway and ikev1 I have had no issues.
Document Details
⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.
The text was updated successfully, but these errors were encountered: