In our previous article we discussed the newly-available IKEv2 mobile VPN and the benefits of moving your users to this version for remote connection. If your firewall is running firmware version 11.11.2 or higher, IKEv2 is also available for use in branch office VPNs (BOVPNs).

BOVPN IKEv2 Availability

IKEv2 is available as a configuration option for:

Manual branch office VPNs
Virtual branch office VPNs

IKEv2 is not currently available as a configuration option for:

Managed branch office VPNS
Branch office VPNs connected to Microsoft Azure
Branch office VPNs connected to Amazon AWS

Benefits of IKEv2

There are two main benefits to upgrading your BOVPNs to IKEv2: performance and security. The previous option, IKEv1, has often presented issues of incompatibility between firewalls and overcomplicating of the connection process. IKEv1 presents multiple connection methods (Main and Aggressive) that have presented many users with confusion as to which mode to use.

IKEv2 greatly simplifies the process. The negotiation between firewalls is simplified, making for an easier connection. Additionally, unlike IKEv1 in which both sides must use the same authentication method, IKEv2 allows for different authentication methods from the two connections.

Transitioning to IKEv2

The transition of a BOVPN to IKEv2 is very simple. The only requirement is that both sides of the phase 1 gateway need be set to this method.

To change a manual BOVPN to IKEv2: