The IKEv2 protocol has more advantages than just improved security; for example, the router automatically resumes a broken connection (DPD is unnecessary), and this happens almost immediately, not after several or several dozen seconds. Taking the opportunity of having got involved in this discussion, I changed all my IPsec connections to IKEv2. It was enough to set this protocol in the policies on both sides; nothing else needed to be changed. This was also true for routers behind NAT.