In our previous article we discussed the newly-available IKEv2 mobile VPN and the benefits of moving your users to this version for remote connection. If your firewall is running firmware version 11.11.2 or higher, IKEv2 is also available for use in branch office VPNs (BOVPNs).
BOVPN IKEv2 Availability
IKEv2 is available as a configuration option for:
- Manual branch office VPNs
- Virtual branch office VPNs
IKEv2 is not currently available as a configuration option for:
- Managed branch office VPNs
- Branch office VPNs connected to Microsoft Azure
- Branch office VPNs connected to Amazon AWS
Benefits of IKEv2
There are two main benefits to upgrading your BOVPNs to IKEv2: performance and security. The previous option, IKEv1, has often caused incompatibility between firewalls and overcomplicated the connection process. IKEv1 offers multiple connection modes (Main and Aggressive), and many users have been confused about which mode to use.
IKEv2 greatly simplifies the process: the negotiation between firewalls is streamlined, making for an easier connection. Additionally, unlike IKEv1, in which both sides must use the same authentication method, IKEv2 allows the two sides of the connection to use different authentication methods.
Transitioning to IKEv2
Transitioning a BOVPN to IKEv2 is very simple. The only requirement is that both sides of the phase 1 gateway must be set to IKEv2.
To change a manual BOVPN to IKEv2:
1. In Policy Manager, navigate to VPN > Branch Office Gateways.
2. Select the gateway that you want to update and click Edit.
3. Select the Phase 1 Settings tab.
4. In the Version drop-down, select IKEv2.
5. Save your firewall policy.
6. Ensure that the gateway setting on each firewall is changed to IKEv2.
To change a virtual BOVPN to IKEv2:
1. In Policy Manager, navigate to VPN > BOVPN Virtual Interfaces.
2. Select the virtual BOVPN that you want to update and click Edit.
3. Select the Phase 1 Settings tab.
4. In the Version drop-down, select IKEv2.
5. Save your firewall policy.
6. Ensure that the gateway setting on each firewall is changed to IKEv2.
Once your BOVPN is converted to IKEv2, you will see it listed as such in your Firebox System Manager on the Front Panel under Branch Office VPNs.
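To confirm from a packet capture that both peers are really negotiating IKEv2 rather than IKEv1 Main or Aggressive mode, you can read the version and exchange type from the fixed IKE header. The following is an added example, not WatchGuard code; the function names are hypothetical and the sample headers are constructed.

```python
import struct

# Exchange types: RFC 2408/2409 for IKEv1, RFC 7296 for IKEv2.
EXCHANGES = {
    (1, 2): "IKEv1 Main Mode",
    (1, 4): "IKEv1 Aggressive Mode",
    (1, 32): "IKEv1 Quick Mode",
    (2, 34): "IKEv2 IKE_SA_INIT",
    (2, 35): "IKEv2 IKE_AUTH",
    (2, 36): "IKEv2 CREATE_CHILD_SA",
    (2, 37): "IKEv2 INFORMATIONAL",
}
# Fixed 28-byte header: SPIs, next payload, version, exchange, flags, ID, length.
HEADER = struct.Struct("!8s8sBBBBII")


def classify_ike(udp_payload: bytes, udp_port: int = 500) -> dict:
    """Parse the fixed IKE header of one UDP payload and name the exchange."""
    if udp_port == 4500:
        # NAT-T: IKE on UDP 4500 carries a 4-byte all-zero non-ESP marker.
        if udp_payload[:4] != b"\x00" * 4:
            raise ValueError("UDP 4500 payload is not an IKE message")
        udp_payload = udp_payload[4:]
    if len(udp_payload) < HEADER.size:
        raise ValueError("payload shorter than the 28-byte IKE header")
    _ispi, rspi, _np, version, exchange, _fl, _mid, _len = HEADER.unpack_from(udp_payload)
    major, minor = version >> 4, version & 0x0F
    return {
        "major": major,
        "minor": minor,
        "exchange": EXCHANGES.get((major, exchange), f"unknown ({exchange})"),
        "first_message": rspi == b"\x00" * 8,  # responder SPI not yet assigned
    }


def peers_use_ikev2(messages) -> bool:
    """True only if every captured (payload, port) message is IKE major version 2."""
    results = [classify_ike(payload, port) for payload, port in messages]
    return bool(results) and all(r["major"] == 2 for r in results)


def constructed_header(version: int, exchange: int, rspi: bytes = b"\x00" * 8) -> bytes:
    """Constructed sample input: a bare header with a made-up initiator SPI."""
    return HEADER.pack(b"\x11" * 8, rspi, 0, version, exchange, 0, 0, HEADER.size)


if __name__ == "__main__":
    natt = b"\x00" * 4 + constructed_header(0x20, 35, b"\x22" * 8)
    sample = [(constructed_header(0x20, 34), 500), (natt, 4500)]
    print([classify_ike(p, port)["exchange"] for p, port in sample], peers_use_ikev2(sample))
```

If any message from either peer still shows major version 1, one side of the gateway has not been switched to IKEv2.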