
IKE: Internet Key Exchange Protocol

Internet Key Exchange (IKE) Protocol, a key protocol in the IPsec architecture, is a hybrid protocol using part of Oakley and part of SKEME in conjunction with ISAKMP to obtain authenticated keying material for use with ISAKMP, and for other security associations such as AH and ESP for the IPsec DOI.

ISAKMP provides a framework for authentication and key exchange but does not define them. ISAKMP is designed to be key-exchange independent; that is, it is designed to support many different key exchanges. The Internet Key Exchange (IKE) is one of a series of key exchanges, called "modes".

IKE processes can be used for negotiating virtual private networks (VPNs) and also for providing a remote user from a remote site (whose IP address need not be known beforehand) access to a secure host or network. Client negotiation is supported. Client mode is where the negotiating parties are not the endpoints for which security association negotiation is taking place. When used in client mode, the identities of the end parties remain hidden.

IKE implementations support the following attribute values:

  • DES in CBC mode with a weak, and semi-weak, key check.
  • MD5 and SHA.
  • Authentication via pre-shared keys.
  • MODP over default group number one.

In addition, IKE implementations support: 3DES for encryption; Tiger for hash; the Digital Signature Standard, RSA signatures and authentication with RSA public key encryption; and MODP group number 2. IKE implementations MAY support any additional encryption algorithms and MAY support ECP and EC2N groups.
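
The attribute values listed above are carried in IKE proposals as ISAKMP data attributes. The following is an added example, not part of the original page, that decodes them from a transform payload body. The numeric codes are taken from RFC 2409 Appendix A, which this page does not reproduce; the "base" and "additional" labels (mirroring the page's first and second lists) and the function name are this example's own.

```python
import struct

# IKE (RFC 2409, Appendix A) attribute classes and values for the algorithms
# this page lists. Tier "base" = the page's first list, "additional" = its second.
CLASSES = {1: "encryption", 2: "hash", 3: "auth-method", 4: "group"}
VALUES = {
    ("encryption", 1): ("DES-CBC", "base"),
    ("encryption", 5): ("3DES-CBC", "additional"),
    ("hash", 1): ("MD5", "base"),
    ("hash", 2): ("SHA", "base"),
    ("hash", 3): ("Tiger", "additional"),
    ("auth-method", 1): ("pre-shared key", "base"),
    ("auth-method", 2): ("DSS signatures", "additional"),
    ("auth-method", 3): ("RSA signatures", "additional"),
    ("auth-method", 4): ("RSA public key encryption", "additional"),
    ("group", 1): ("MODP group 1", "base"),
    ("group", 2): ("MODP group 2", "additional"),
}

def decode_attributes(data: bytes):
    """Decode ISAKMP data attributes (short and long form) from a transform body."""
    out, off = [], 0
    while off < len(data):
        if len(data) - off < 4:
            raise ValueError("truncated attribute header")
        atype, field = struct.unpack_from("!HH", data, off)
        off += 4
        if atype & 0x8000:            # AF bit set: short form, field is the value
            value = field
        else:                         # AF bit clear: long form, field is a length
            if off + field > len(data):
                raise ValueError("attribute length exceeds payload")
            value = int.from_bytes(data[off:off + field], "big")
            off += field
        cls = CLASSES.get(atype & 0x7FFF, f"class-{atype & 0x7FFF}")
        name, tier = VALUES.get((cls, value), (f"value-{value}", "not listed on this page"))
        out.append((cls, name, tier))
    return out

# Constructed sample: DES-CBC, SHA, pre-shared key, MODP group 2 (all short form),
# then life type (class 11) in short form and life duration (class 12) in long form.
SAMPLE = bytes.fromhex("80010001" "80020002" "80030001" "80040002"
                       "800b0001" "000c0004" "00007080")

if __name__ == "__main__":
    for row in decode_attributes(SAMPLE):
        print(row)
```

Attributes outside the four classes named on this page (lifetimes, key length and so on) are decoded but reported as not listed, so the output can be compared directly against the two lists above.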

The IKE modes must be implemented whenever the IPsec DOI is implemented. Other DOIs MAY use the modes described here.

Protocol Structure

IKE protocol messages are a combination of ISAKMP header and SKEME and Oakley fields. The specific message format depends on the message phases and modes. For more details, see the reference documents.

Related protocols: IPsec, ESP, ISAKMP, DES, AES, AH, DOI, HMAC, HMAC-MD5, HMAC-SHA, PKI, IP, IPv6, ICMP, IGMP

Sponsor Source: IKE is defined by IETF (http://www.ietf.org).

Reference: http://www.javvin.com/protocol/rfc4306.pdf: The Internet Key Exchange (IKE) protocol (V2).
