Hello:
My company is migrating from IKEv1 to IKEv2 for stronger hashing and I want to ensure I can successfully migrate to IKEv2 for a tunnel between a FortiGate and an ASA that currently have a working IKEv1 tunnel.
With ASA, you can add IKEv1 and IKEv2 configs for the same tunnel destination so that if IKEv2 fails, IKEv1 can be used as a fallback. Can I configure a second IKEv2 tunnel from FortiGate to the ASA to see whether that comes up? The FortiGate documentation one IKEv2 with ASA is non-existent, as far as I can tell. I want to have a good sense of whether my plan will work. Plan B is to try to get a FortiGate VM to lab it, but I'd much rather avoid that if possible.
No comments:
Post a Comment