Relationship between IKE and IPsec
Figure 120 Relationship between IKE and IPsec
Figure 125 illustrates the relationship between IKE and IPsec:
• IKE is an application layer protocol using UDP and functions as the signaling protocol of IPsec.
• IKE negotiates SAs for IPsec and delivers negotiated parameters and generated keys to IPsec.
• IPsec uses the SAs set up through IKE negotiation for encryption and authentication of IP packets.
Protocols and standards
These protocols and standards are relevant to IKE:
• RFC 2408, Internet Security Association and Key Management Protocol (ISAKMP)
• RFC 2409, The Internet Key Exchange (IKE)
• RFC 2412, The OAKLEY Key Determination Protocol
IKE configuration task list
Prior to IKE configuration, you must determine the following parameters:
• The strength of the algorithms for IKE negotiation (the security protection level), including the identity authentication method, encryption algorithm, authentication algorithm, and DH group. Different algorithms provide different levels of protection. A stronger algorithm makes protected data more resistant to decryption but requires more resources. Generally, the longer the key, the stronger the algorithm.
• The pre-shared key or the PKI domain the certificate belongs to. For more information about PKI configuration, see the chapter "PKI configuration."
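The algorithm choices listed above can be audited mechanically. The following added example (not part of the original manual or the vendor's software) decodes the attributes of an IKE phase 1 proposal in the ISAKMP attribute encoding of RFC 2408 and RFC 2409 and flags weak choices. The WEAK policy, the function names and the sample byte strings are assumptions constructed for this example.

```python
import struct

# IKE phase 1 attribute classes and values (RFC 2409 Appendix A; AES-CBC value 7 is from RFC 3602).
ATTR = {1: "encryption", 2: "hash", 3: "auth_method", 4: "dh_group", 14: "key_length"}
NAMES = {
    "encryption": {1: "DES-CBC", 5: "3DES-CBC", 7: "AES-CBC"},
    "hash": {1: "MD5", 2: "SHA"},
    "auth_method": {1: "pre-shared key", 3: "RSA signatures"},
    "dh_group": {1: "768-bit MODP", 2: "1024-bit MODP", 5: "1536-bit MODP", 14: "2048-bit MODP"},
}
# Assumed audit policy for this example (not from the manual): values treated as too weak.
WEAK = {"encryption": {1}, "hash": {1}, "dh_group": {1, 2, 5}}


def parse_attributes(data: bytes) -> dict:
    """Decode ISAKMP data attributes (RFC 2408 section 3.3) into {class_name: value}."""
    out, pos = {}, 0
    while pos < len(data):
        if len(data) - pos < 4:
            raise ValueError("truncated attribute header")
        atype, field = struct.unpack_from("!HH", data, pos)
        pos += 4
        if atype & 0x8000:      # AF=1: type/value form, the value sits in the header
            value = field
        else:                   # AF=0: type/length/value form, `field` is the length
            if len(data) - pos < field:
                raise ValueError("attribute value runs past end of buffer")
            value = int.from_bytes(data[pos:pos + field], "big")
            pos += field
        out[ATTR.get(atype & 0x7FFF, f"attr_{atype & 0x7FFF}")] = value
    return out


def audit(attrs: dict) -> list:
    """Return one finding per attribute that the assumed policy considers weak."""
    findings = []
    for cls, weak_values in WEAK.items():
        if attrs.get(cls) in weak_values:
            findings.append(f"{cls}: {NAMES[cls][attrs[cls]]} is on the weak list")
    return findings


# Constructed sample proposals: DES/MD5/PSK/group 1, and AES-128/SHA/RSA signatures/group 14.
LEGACY = bytes.fromhex("80010001" "80020001" "80030001" "80040001")
STRONGER = bytes.fromhex("80010007" "800e0080" "80020002" "80030003" "8004000e")

if __name__ == "__main__":
    for label, blob in (("legacy", LEGACY), ("stronger", STRONGER)):
        print(label, parse_attributes(blob), audit(parse_attributes(blob)))
```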
To configure IKE:
Task                                                 Remarks
Configuring a name for the local security gateway    Optional.
Configuring an IKE proposal                          Optional. Required if you want to specify an IKE proposal for an IKE peer to reference.