Internet Key Exchange Version 2 (IKEv2)

A recent CISCO study published in Feb 2016 says that mobile data traffic has grown 4,000-fold over the past 10 years and almost 400-million-fold over the past 15 years. It forecasts that global mobile data traffic will increase nearly eightfold between 2015 and 2020.
Privacy and security become important and complex with the growth in data traffic.
Several Virtual Private Network (VPN) protocols like PPTP, L2TP/VPN, OpenVPN and IKEv2, SSTP, supporting different encryption technologies have evolved over the years. A comparative study of each of them can be found here.

IKEv2 (Internet Key Exchange version 2), referred as VPN Connect by Microsoft, is an IPSec based tunneling protocol that was jointly developed by Microsoft and Cisco. It is one of the few VPN protocols supported by Blackberry devices. Various, largely compatible open source implementations of IKEv2 are available for Linux and other operating systems.

IKEv2 is good at automatically re-establishing a VPN connection when users temporarily lose their internet connections such as entering and leaving an elevator. It supports the Mobility and Multihoming(MOBIKE) protocol, making it highly resilient to changing networks, which is extremely helpful for mobile customers. MOBIKE allows a mobile node encrypting traffic through IKEv2 to change point of attachment while maintaining a VPN session. That is, by using an IKEv2 protocol the user can lose their connection and reconnect to another access point without losing the VPN session! This helps users who switch between WiFi nextwork, hotspots and mobile data.

IKEv2 uses the IPsec Tunnel Mode protocol over UDP port 500, allowing the support for strong authentication and encryption methods. It encapsulates datagrams by using IPsec ESP or AH headers for transmission over the network. The message is encrypted by using encryption keys generated from the IKEv2 negotiation process. It also supports integrity checking algorithms like HMAC. All these things make IKEv2 very highly secure.

IKEv2 is considered at least as good as L2TP/IPsec in terms of security, speed, stability and the ability to establish (and re-establish) a connection.

Draytek routers support LAN to LAN connection (like Microsoft Azure cloud operating system to your network) through a virtual private network (VPN). They also support Host (Windows/Android/iOS) to LAN connection via VPN.

Share this on Facebooktwittergoogle_plusredditpinterestlinkedinmail

Author: Jomon Varghese

Technical Associate @ DVCOM Dubai Specialist in Draytek, Cisco and Asterisk Living in Dubai since 2013. 5+ Years in IT Industry.

Leave a Reply

Your email address will not be published. Required fields are marked *