In this section, we will go over what IKE is and how IKEv1 and IKEv2 differ. IKE is a protocol in the IPsec protocol suite and is responsible for setting up a security association (an agreement between both parties) that enables two IPsec-enabled endpoints to send data securely. The main differences between the two versions are:
- IKEv2 is faster and lighter on bandwidth, because fewer messages are needed to establish a tunnel. IKEv1 has main mode (nine messages) and aggressive mode (six messages). In contrast, IKEv2 has a single mode that needs only four messages.
- IKEv2 provides built-in NAT traversal, whereas IKEv1 does not provide this facility by default. The IPsec protocol was not designed with Network Address and Port Translation (NAPT) in mind. The initial payload and, in particular, the headers are encrypted when using IPsec ESP mode. An intermediate NAT device cannot rewrite these encrypted headers with its own address. During phase one...