What is IKEv2? IKEv2 is the latest version of IKE - Internet Key Exchange, which is the protocol used to establish an IPsec VPN tunnel. IKEv2 has many new features that make it more reliable, more secure, quicker, and simpler.
IKEv2 provides the following benefits over IKEv1:
Tunnel endpoints exchange fewer messages to establish a tunnel. IKEv2 uses four messages; IKEv1 uses either nine messages (in main mode) or six messages (in aggressive mode).
Built-in NAT-T (NAT Traversal) functionality improves compatibility between vendors.
Built-in health check automatically re-establishes a tunnel if it goes down. The liveness check replaces the Dead Peer Detection used in IKEv1.
Supports traffic selectors (one per exchange). The traffic selectors are used in IKE negotiations to control what traffic can access the tunnel.
Supports Hash and URL certificate exchange to reduce fragmentation.
Resiliency against DoS attacks with improved peer validation. An excessive number of half-open SAs can trigger cookie validation.