D-Link DI-1750 Reference Manual page 376

The crypto map is applied to an interface:
config-interface Serial0/0
config-ip addr 192.2.2.2
crypto map toShanghai
8.5 Configuring Internet Key Exchange Security Protocol
8.5.1 Overview
This chapter describes how to configure the Internet Key Exchange (IKE) protocol. IKE is a key
management protocol standard that is used in conjunction with the IPSec standard. IPSec can be
configured without IKE, but IKE enhances IPSec by providing additional features, flexibility, and ease of
configuration for the IPSec standard. IKE is a hybrid protocol that implements the Oakley key exchange
and the Skeme key exchange inside the Internet Security Association and Key Management Protocol
(ISAKMP) framework. (ISAKMP, Oakley, and Skeme are security protocols implemented by IKE.)
1. About IKE
IKE automatically negotiates IPSec security associations (SA) and enables IPSec secure
communications without costly manual preconfiguration. IKE provides these benefits:
♦ Eliminates the need to manually specify all the IPSec security parameters in the crypto maps at both
peers.
♦ Allows you to specify a lifetime for the IPSec security association.
♦ Allows encryption keys to change during IPSec sessions.
♦ Allows IPSec to provide anti-replay services.
♦ Allows dynamic authentication of peers.
2. Supported Standards
The Router implements the following standards:
♦ IPSec—IP Security Protocol. IPSec is a framework of open standards that provides data
confidentiality, data integrity, and data authentication between participating peers. IPSec provides
these security services at the IP layer; it uses IKE to handle negotiation of protocols and algorithms
based on local policy, and to generate the encryption and authentication keys to be used by IPSec.
IPSec can be used to protect one or more data flows between a pair of hosts, between a pair of
security gateways, or between a security gateway and a host.
♦ Internet Key Exchange (IKE)—A hybrid protocol which implements Oakley and Skeme key
exchanges inside the ISAKMP framework. While IKE can be used with other protocols, its initial
implementation is with the IPSec protocol. IKE provides authentication of the IPSec peers,
negotiates IPSec keys, and negotiates IPSec security associations.
♦ ISAKMP—The Internet Security Association and Key Management Protocol. A protocol framework
which defines payload formats, the mechanics of implementing a key exchange protocol, and the
negotiation of a security association.
♦ Oakley—A key exchange protocol which defines how to derive authenticated keying material.
♦ Skeme—A key exchange protocol which defines how to derive authenticated keying material, with
rapid key refreshment.
The component technologies implemented for use by IKE include:
♦ DES—The Data Encryption Standard.
♦ 3DES—Triple DES (3DES), used for packet-data encryption.
♦ Diffie-Hellman—A public-key cryptography protocol which allows two parties to establish a shared
secret over an unsecure communications channel. Diffie-Hellman is used within IKE to establish
session keys. 768-bit and 1024-bit Diffie-Hellman groups are supported.
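The Diffie-Hellman exchange described above, as an added example that is not taken from the manual or from the router's firmware. It assumes the router's 768-bit group is the standard Oakley Group 1 from RFC 2409; the function names are hypothetical, the key derivation is simplified to a single hash, and the peer authentication that IKE layers on top is omitted.

```python
import hashlib
import secrets

# Oakley Group 1 (768-bit MODP) prime from RFC 2409, generator 2.
# Assumption: the router's "768-bit group" is this standard IKE group.
P_768 = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
    "E485B576625E7EC6F44C42E9A63A3620FFFFFFFFFFFFFFFF", 16)
G = 2


def keypair(p=P_768, g=G):
    """Return (private exponent, public value g^x mod p)."""
    x = secrets.randbelow(p - 3) + 2          # 2 <= x <= p-2
    return x, pow(g, x, p)


def valid_public(y, p=P_768):
    """Reject degenerate peer values 0, 1, p-1 and anything out of range."""
    return 1 < y < p - 1


def shared_secret(own_private, peer_public, p=P_768):
    """Compute g^(xy) mod p after validating the peer's public value."""
    if not valid_public(peer_public, p):
        raise ValueError("peer public value outside (1, p-1)")
    return pow(peer_public, own_private, p)


def session_key(secret, p=P_768):
    """Hash the fixed-width secret to a key (simplified; IKE uses its own PRF)."""
    width = (p.bit_length() + 7) // 8
    return hashlib.sha256(secret.to_bytes(width, "big")).digest()


def demo():
    a_priv, a_pub = keypair()                 # initiator
    b_priv, b_pub = keypair()                 # responder
    # Only a_pub and b_pub cross the untrusted link.
    k_a = session_key(shared_secret(a_priv, b_pub))
    k_b = session_key(shared_secret(b_priv, a_pub))
    return k_a, k_b


if __name__ == "__main__":
    k_a, k_b = demo()
    print("keys match:", k_a == k_b)
```

Groups of 768 and 1024 bits are below the 2048-bit minimum that current guidance recommends; where the device offers nothing larger, choose the 1024-bit group.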