Table of Contents
Advertisement
101
IKE Overview
Security Mechanisms of
IKE C
ONFIGURATION
When configuring IKE, go to these sections for information you are interested in:
"IKE Overview" on page 1901
■
"IKE Configuration Task List" on page 1903
■
"Displaying and Maintaining IKE" on page 1908
■
"IKE Configuration Example" on page 1909
■
"Troubleshooting IKE" on page 1916
■
Built on a framework defined by internet security association and key
management protocol (ISAKMP), internet key exchange (IKE) provides automatic
key negotiation, key exchange and SA establishment services for IPSec, simplifying
the application, management, configuration and maintenance of IPSec
dramatically.
Instead of transmitting keys directly across a network, IKE calculates shared keys
after exchanging a series of data. This disables a third party from decrypting the
keys even if the third party captured all exchanged data that is used to calculate
the keys.
The section covers these topics:
"Security Mechanisms of IKE" on page 1901
■
"Operation of IKE" on page 1902
■
"Function of IKE" on page 1903
■
"Relationship between IKE and IPSec" on page 1903
■
IKE has a series of self-protection mechanisms and supports secure identity
IKE
authentication, key distribution, and IPSec SA establishment on unsecured
networks.
Data authentication
Data authentication involves two concepts:
Identity authentication: Mutual identity authentication between peers. Two
■
authentication methods are available: pre-shared-key authentication and
PKI-based digital signature authentication (RSA signature).
Identity protection: Protecting identity information by using the generated keys
■
to encrypt it before transmitting.
Hide quick links:
Advertisement
Chapters
Table of Contents
Troubleshooting
