Using AAA to Provide Preshared Keys for IPsec

AAA can supply the preshared keys used to authenticate ISAKMP in IPsec implementations. IPsec is covered in more detail in Chapter 13, “IPsec.” This section concentrates on the authentication and authorization portion of this particular setup. The mechanism works only when ISAKMP uses aggressive mode. The ID (see Chapter 13) of the peer is used to query the AAA server for the tunnel attributes, that is, the preshared secret. Main mode cannot be used with this method because it does not make the ID available in time for the AAA lookup to occur.
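
The timing constraint described above, as an added example that is not from the book: a simplified model of an IKEv1 responder using the preshared-key exchange of RFC 2409. The AAA server is a stand-in dictionary, HMAC-SHA1 is assumed as the prf, and all function names, peer IDs and keys are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed AAA database: peer ISAKMP ID -> preshared key (hypothetical values).
AAA_DB = {"branch1.example.com": b"constructed-psk-1"}

# Initiator payloads the responder can read in the clear at the point where it
# must already know the preshared key (IKEv1, RFC 2409, preshared-key auth).
# Main mode: messages 1-4 carry SA, KE and nonces; IDii arrives only in
# message 5, encrypted under keys derived from SKEYID.
# Aggressive mode: message 1 carries SA, KE, Ni and IDii unencrypted.
CLEAR_BEFORE_SKEYID = {
    "main": ("SA", "KE", "Ni"),
    "aggressive": ("SA", "KE", "Ni", "IDii"),
}

def aaa_lookup(peer_id):
    """Stand-in for the AAA query; returns the key, or None if unknown."""
    return AAA_DB.get(peer_id)

def skeyid(psk, ni, nr):
    # RFC 2409: SKEYID = prf(pre-shared-key, Ni_b | Nr_b).
    return hmac.new(psk, ni + nr, hashlib.sha1).digest()

def responder_select_key(mode, initiator_payloads):
    """Return (psk, reason) using only payloads readable in this mode."""
    visible = {k: v for k, v in initiator_payloads.items()
               if k in CLEAR_BEFORE_SKEYID[mode]}
    peer_id = visible.get("IDii")
    if peer_id is None:
        return None, "ID not readable before SKEYID is needed; no AAA lookup possible"
    psk = aaa_lookup(peer_id)
    if psk is None:
        return None, "AAA has no entry for this ID"
    return psk, "key fetched from AAA by ID"

def negotiate(mode, peer_id, initiator_psk):
    """Run the model once; returns (authenticated, reason)."""
    ni, nr = os.urandom(16), os.urandom(16)
    payloads = {"SA": b"proposal", "KE": b"dh-public", "Ni": ni, "IDii": peer_id}
    psk, reason = responder_select_key(mode, payloads)
    if psk is None:
        return False, reason
    # Authentication can succeed only if both sides derive the same SKEYID.
    same = hmac.compare_digest(skeyid(initiator_psk, ni, nr), skeyid(psk, ni, nr))
    return (True, reason) if same else (False, "key mismatch")
```
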

It is useful to have AAA provide the preshared key for two primary reasons:

  • Scalability— Instead of maintaining a large ...
