IKE and IPsec packet processing
Internet Key Exchange (IKE) is the protocol used to set up SAs in IPsec negotiation. As described in
“Choosing the IKE version”, you can optionally choose IKEv2 over IKEv1 if you configure a route-based IPsec VPN. IKEv2 simplifies the negotiation process, in that it:
• Provides no choice of Aggressive or Main mode in Phase 1.
• Does not support Peer Options or Local ID.
• Does not allow Extended Authentication (XAUTH).
• Allows you to select only one Diffie-Hellman Group.
• Uses less bandwidth.
The following sections identify how IKE versions 1 and 2 operate and differentiate.