More About IKE - Cisco OL-4015-08 User Manual

Cisco Router and Security Device Manager User's Guide

Chapter 30
More About....

More About IKE

IKE handles the following tasks:

• Authentication
• Session Negotiation
• Key Exchange
• IPSec Tunnel Negotiation and Configuration

Authentication

Authentication is arguably the most important task that IKE accomplishes, and it
certainly is the most complicated. Whenever you negotiate something, it is of
utmost importance that you know with whom you are negotiating. IKE can use
one of several methods to authenticate negotiating parties to each other.

• Pre-shared Key. IKE uses a hashing technique to ensure that only someone
  who possesses the same key could have sent the IKE packets.
• DSS or RSA digital signatures. IKE uses public-key digital-signature
  cryptography to verify that each party is who he or she claims to be.
• RSA encryption. IKE uses one of two methods to encrypt enough of the
  negotiation to ensure that only a party with the correct private key could
  continue the negotiation.

Note: SDM supports the pre-shared key method of authentication.

Session Negotiation

During session negotiation, IKE allows parties to negotiate how they will conduct
authentication and how they will protect any future negotiations (that is, IPSec
tunnel negotiation). The following items are negotiated:

• Authentication Method. This is one of the authentication methods listed
  above.
• Key Exchange Algorithm. This is a mathematical technique for securely
  exchanging cryptographic keys over a public medium (that is,
  Diffie-Hellman). The keys are used in the encryption and packet-signature
  algorithms.
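
The pre-shared key check described under Authentication, and how it binds the Diffie-Hellman values exchanged during negotiation, as an added example that is not from the Cisco guide or SDM. The two formulas follow IKEv1 (RFC 2409, section 5); HMAC-SHA1 as the negotiated hash, the toy Diffie-Hellman group, the payload stand-ins and all function names are assumptions made for this illustration.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group constructed for this example (2**521 - 1 is prime).
# It is NOT one of the groups IKE negotiates; it only keeps the listing short.
P = 2**521 - 1
G = 3


def prf(key, data):
    """RFC 2409 prf: HMAC over the negotiated hash (SHA-1 assumed here)."""
    return hmac.new(key, data, hashlib.sha1).digest()


def dh_keypair():
    """Return (private exponent, public value g^x mod p as 66 bytes)."""
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P).to_bytes(66, "big")


def auth_hash(psk, ni, nr, g_own, g_peer, cky_own, cky_peer, sa_i, ident):
    """HASH_I / HASH_R for pre-shared-key authentication.

    SKEYID = prf(pre-shared key, Ni_b | Nr_b)
    HASH   = prf(SKEYID, g^own | g^peer | CKY-own | CKY-peer | SAi_b | ID_b)
    """
    skeyid = prf(psk, ni + nr)
    return prf(skeyid, g_own + g_peer + cky_own + cky_peer + sa_i + ident)


def responder_accepts(psk_r, hash_i, ni, nr, g_i, g_r, cky_i, cky_r, sa_i, id_i):
    """Responder recomputes HASH_I with its own key; constant-time compare."""
    expected = auth_hash(psk_r, ni, nr, g_i, g_r, cky_i, cky_r, sa_i, id_i)
    return hmac.compare_digest(expected, hash_i)


def demo_exchange(psk_initiator, psk_responder, tamper=False):
    """Run one constructed exchange; return True if the responder accepts."""
    ni, nr = secrets.token_bytes(16), secrets.token_bytes(16)      # nonces
    cky_i, cky_r = secrets.token_bytes(8), secrets.token_bytes(8)  # cookies
    sa_i = b"constructed-SA-proposal"     # stands in for the SA payload body
    id_i = b"constructed-initiator-id"    # stands in for the ID payload body
    _, g_i = dh_keypair()
    _, g_r = dh_keypair()
    hash_i = auth_hash(psk_initiator, ni, nr, g_i, g_r, cky_i, cky_r, sa_i, id_i)
    if tamper:  # the DH public value is replaced in transit, after HASH_I was made
        _, g_i = dh_keypair()
    return responder_accepts(psk_responder, hash_i, ni, nr, g_i, g_r,
                             cky_i, cky_r, sa_i, id_i)
```

Because the hash covers both Diffie-Hellman public values, a peer that lacks the pre-shared key cannot substitute its own key-exchange value without the check failing.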
Cisco Router and Security Device Manager Version 2.2 User's Guide