Dynamic VPN and IKEv2 RRS feed

  • Question

  • Hello,

    I was wondering what's the reason that Azure Static VPN uses IKEv1 and Azure Dynamic VPN uses IKEv2.

    Is there any specific reason why i wouldnt be able to choose between IKE version on dynamic routing?

    Monday, June 22, 2015 1:28 PM


  • Greetings!

    MS Azure requires IKEv2 for dynamic routing. IKEv1 is restricted to static routing only.  For more information on MS Azure VPN requirements and supported crypto parameters for both IKEv1 and IKEv2, refer:


    Dynamic Routing only requires you to have IP address ranges for each of the local network sites that you’ll be connecting to Azure.  It is a route-based VPN connection that uses IP address ranges defined on both gateways and IKEv2 to automatically negotiate the supported routing prefixes.  This is known as traffic selector negotiation under the IKEv2 RFC and PAN-OS uses Proxy IDs to configure the IP address ranges.

    Thank you,


    Monday, June 22, 2015 7:39 PM