In previous analyses, IKEv2 has been shown to possess two authentication vulnerabilities that were considered not exploitable. In this paper, we analyze the protocol specification using the Spin model checker, and prove that in fact the first vulnerability does not exist. In addition, we show that the second vulnerability is exploitable by designing and implementing a novel slow Denial-of-Service attack, which we name the Deviation Attack. We explain the attack's requirements, discuss possible countermeasures and propose a modification of the protocol that we prove eliminates the vulnerability.