1 / 5

Internet Key Exchange IKE

Internet Key Exchange IKE. RFC 2409 Services Constructs shared authenticated keys Establishes shared security parameters Common SAs between IPSec peers Relies on the following RFCs RFC 2408: ISAKMP RFC 2407: IPSec DOI RFC 2412: OAKLEY Key Determination. IKE. Phase 1

hop-sweeney
Download Presentation

Internet Key Exchange IKE

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Internet Key Exchange IKE • RFC 2409 • Services • Constructs shared authenticated keys • Establishes shared security parameters • Common SAs between IPSec peers • Relies on the following RFCs • RFC 2408: ISAKMP • RFC 2407: IPSec DOI • RFC 2412: OAKLEY Key Determination

  2. IKE • Phase 1 • Creates an ISAKMP SA • IKE has a policy database weighted in order of preference • Phase 2 • Creates an IPSec SA • Done under the protection of the Phase 1 IKE SA

  3. IKE – Phase 1 • IKE Policy Database • Policies or protection suites • IKE SA consists of specific choices for the following: • Encryption algorithm • Hash Algorithm • Diffie-Hellman group • Authentication method

  4. IKE – Phase 1 • IKE SA • Used to create the ISAKMP SA • Always uses a Diffie-Hellman exchange to generate keys • There Are five parameter groups permitted • 3 exponential based • 2 elliptical curve based

  5. IKE – Phase 2 • Creates IPSec SA • Uses IKE SA • IPSec keys are derived from the IKE SA secret state

More Related