Why is IKEv2 better than IKEv1?

IMO, any new deployment should go with IKEv2. It provides several advantages over IKEv1.

• IKEv2 is light on bandwidth and faster
• Less number of messages to establish tunnel.
• IKEv2 provides inbuilt NAT Traversal.
• IKEv1 does not provide this facility. But an internet draft was created to enhance IKEv1 with this functionality. Since this draft is not standardized, there may be interoperability issues.
• IKEv2 has inbuilt tunnel liveness checks.
• If tunnel is broken down on peer, it has facility to detect and re-establish the tunnel.
• IKEv1 does not have this functionality. There is an internet draft available though.
• IKEv2 provides comprehensive authentication capabilities.
• It supports Pre-shared key authentication, certificate authentication. IKEv1 also has them.
  
• More importantly, it provides EAP authentication and hence it is suitable to integrate with existing authentication systems in Enterprises. IKEv1 does not have this capability.
• IKEv2 has companion document to work with changing IP addresses on devices .
• MOBIKE standard is only supported on IKEv2.
• IKEv2 has facility to negotiate multiple sets of selectors.
• Many networks/ranges can be negotiated in one exchange. Hence, number of policy records can be very less when sites have multiple networks.
• In IKEv1, each pair of networks need to be defined in one policy record in SPD.
• IKEv2 has clear method to choose subset of selectors when both sites are not configured with exact selector values.
  
• In case of mismatch, IKEv2 has better mechanisms to converge.

If you are newly deploying IPsec gateways or thinking of upgrading Ipsec based security gateways, consider using IKEv2.