Configure Quantum Resistant IKEv2 VPNs

Exchanging post-quantum pre-shared keys out-of-band makes IKEv2 VPNs resistant to attacks by quantum computers.
Where Can I Use This?
  • PAN-OS
What Do I Need?
  • PAN-OS 11.1 or later.
Quantum-resistant IKEv2 VPNs based on RFC 8784 defend against Harvest Now, Decrypt Later attacks, in which attackers capture encrypted VPN traffic today and plan to decrypt it later with a cryptographically relevant quantum computer. Because the post-quantum pre-shared key is exchanged out-of-band rather than over the network, a quantum computer cannot recover the VPN's cryptographic key material from the captured traffic, and without that key material the harvested data remains unreadable even if the attackers hold a complete copy of it. RFC 8784 therefore provides a quantum-resistant transition from today's classical cryptography to post-quantum cryptography that you can implement today.
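The following Python is an added example, not Palo Alto Networks' code or part of this guide: it follows the key mixing that RFC 8784 specifies (SK_d' = prf+(PPK, SK_d), likewise for SK_pi and SK_pr) on top of the IKEv2 prf+ construction from RFC 7296, and shows why an eavesdropper who later breaks the recorded Diffie-Hellman exchange still cannot derive the IPsec keys. It assumes HMAC-SHA256 as the IKEv2 prf and uses constructed sample values for the PPK, SK_d, SK_pi, SK_pr and nonces.

```python
import hmac

# Constructed sample values, not real keys. The PPK is distributed out-of-band;
# SK_d/SK_pi/SK_pr come from the IKE_SA_INIT Diffie-Hellman exchange (RFC 7296),
# which a quantum computer could later break; Ni and Nr are the public nonces.
PPK = bytes.fromhex("00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff")
SK_D = bytes.fromhex("5eed5eed5eed5eed5eed5eed5eed5eed5eed5eed5eed5eed5eed5eed5eed5eed")
SK_PI, SK_PR = bytes.fromhex("aa" * 32), bytes.fromhex("bb" * 32)
NI, NR = bytes.fromhex("01" * 16), bytes.fromhex("02" * 16)

def prf_plus(key: bytes, seed: bytes, length: int) -> bytes:
    """IKEv2 prf+ (RFC 7296 section 2.13) with HMAC-SHA256 as the prf:
    T1 = prf(K, S | 0x01), Tn = prf(K, T(n-1) | S | n), output = T1 | T2 | ..."""
    out, prev, n = b"", b"", 1
    while len(out) < length:
        prev = hmac.new(key, prev + seed + bytes([n]), "sha256").digest()
        out += prev
        n += 1
    return out[:length]

def apply_ppk(ppk: bytes, sk_d: bytes, sk_pi: bytes, sk_pr: bytes) -> tuple:
    """RFC 8784 section 5: SK_d' = prf+(PPK, SK_d), SK_pi' = prf+(PPK, SK_pi),
    SK_pr' = prf+(PPK, SK_pr), each keeping its original length. SK_d' seeds
    every Child SA's KEYMAT, so the IPsec keys protecting user data depend on
    the PPK and not only on the Diffie-Hellman exchange seen on the wire."""
    return (prf_plus(ppk, sk_d, len(sk_d)),
            prf_plus(ppk, sk_pi, len(sk_pi)),
            prf_plus(ppk, sk_pr, len(sk_pr)))

def child_keymat(sk_d: bytes, ni: bytes, nr: bytes, length: int) -> bytes:
    """Child SA key material (RFC 7296 section 2.17): KEYMAT = prf+(SK_d, Ni | Nr)."""
    return prf_plus(sk_d, ni + nr, length)

def harvest_now_decrypt_later(ppk: bytes, ike_sa: tuple, ni: bytes, nr: bytes) -> dict:
    """Constructed scenario: peers A and B both hold the PPK. An eavesdropper
    recorded the exchange and later recovers SK_d and the nonces with a quantum
    computer but never sees the PPK. Reports who obtains the real IPsec keys."""
    sk_d_a = apply_ppk(ppk, *ike_sa)[0]
    sk_d_b = apply_ppk(ppk, *ike_sa)[0]
    real = child_keymat(sk_d_a, ni, nr, 64)
    attacker = child_keymat(ike_sa[0], ni, nr, 64)   # bare SK_d, no PPK
    return {"peers_agree": real == child_keymat(sk_d_b, ni, nr, 64),
            "attacker_recovers_keys": attacker == real}
```

Note that RFC 8784 leaves the IKE SA's own SK_a/SK_e keys unchanged; the protection applies to SK_d (and hence all Child SA traffic keys) and to the authentication keys SK_pi/SK_pr.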
This chapter shows you how to configure post-quantum IKEv2 VPNs, both in scenarios where you know the IKEv2 peer and its capabilities and in scenarios where you don't control the IKEv2 peer and don't know its capabilities. Configure Post-Quantum IKEv2 VPNs shows you the post-quantum IKEv2 VPN configuration steps and options. Post-Quantum IKEv2 VPN Configuration Example provides a simple topology and shows how to configure post-quantum IKEv2 VPN support for it.
In addition to configuring post-quantum IKEv2 VPNs based on RFC 8784, follow RFC 6379 (Suite B Cryptographic Suites for IPsec) to upgrade your VPN connections to strong cipher suites, upgrade your CA to 4K RSA key sizes to mitigate brute-force attacks that can break smaller key sizes and migrate your VPN certificate authentication to new certificates, and upgrade to larger SHA hash sizes such as SHA-384 and SHA-512.