
VPNs Illustrated: Tunnels, VPNs, and IPsec by Jon C. Snader


13. IKE

13.1 Introduction

The Internet Key Exchange (IKE) protocol is the third leg of IPsec. It handles the difficult problem of key management by negotiating security associations between a set of peers. The IKE protocol specification is RFC 2409 [Harkins and Carrel 1998].

The basic idea behind IKE is straightforward: The peers perform a Diffie-Hellman exchange to obtain a shared secret that they use to generate keying material for the encryption and authentication algorithms used to protect a VPN. As usual, expressing this simple idea in a robust and secure manner is far from trivial. IKE must take steps to protect itself against denial-of-service attacks, replay attacks, man-in-the-middle attacks, and other attempts to subvert the secure ...
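The basic idea above, as an added example that is not taken from the book: two peers run a Diffie-Hellman exchange over Oakley Group 2 and each derives the SKEYID keying material defined in RFC 2409 section 5 for the signature-authenticated case. Assumptions: HMAC-SHA1 stands in for the negotiated prf, g^xy is encoded big-endian and padded to the length of the prime, the function names are hypothetical, and no peer authentication is performed.

```python
import hashlib, hmac, secrets

# Oakley Group 2 (1024-bit MODP) prime from RFC 2409, generator 2.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
G = 2

def prf(key, data):
    # Assumption for this example: HMAC-SHA1 as the negotiated prf.
    return hmac.new(key, data, hashlib.sha1).digest()

def dh_keypair():
    x = secrets.randbelow(P - 3) + 2  # private exponent in [2, P-2]
    return x, pow(G, x, P)

def dh_shared(x, peer_pub):
    # Reject degenerate public values that would force a predictable secret.
    if not 1 < peer_pub < P - 1:
        raise ValueError("invalid Diffie-Hellman public value")
    # Assumption: g^xy is padded to the byte length of the prime.
    return pow(peer_pub, x, P).to_bytes((P.bit_length() + 7) // 8, "big")

def derive_skeyids(g_xy, ni, nr, cky_i, cky_r):
    # RFC 2409 section 5, signature-authenticated case.
    skeyid = prf(ni + nr, g_xy)
    tail = g_xy + cky_i + cky_r
    d = prf(skeyid, tail + b"\x00")      # source of keys for non-ISAKMP SAs
    a = prf(skeyid, d + tail + b"\x01")  # authenticates ISAKMP messages
    e = prf(skeyid, a + tail + b"\x02")  # encrypts ISAKMP messages
    return {"SKEYID_d": d, "SKEYID_a": a, "SKEYID_e": e}

def run_exchange():
    # Constructed sample values: random 8-byte cookies and 16-byte nonces.
    cky_i, cky_r = secrets.token_bytes(8), secrets.token_bytes(8)
    ni, nr = secrets.token_bytes(16), secrets.token_bytes(16)
    xi, pub_i = dh_keypair()
    xr, pub_r = dh_keypair()
    # Each side combines its own private value with the peer's public value.
    keys_i = derive_skeyids(dh_shared(xi, pub_r), ni, nr, cky_i, cky_r)
    keys_r = derive_skeyids(dh_shared(xr, pub_i), ni, nr, cky_i, cky_r)
    return keys_i, keys_r

if __name__ == "__main__":
    ki, kr = run_exchange()
    print("peers agree:", ki == kr)
```

Because the nonces and cookies feed the derivation, a replayed Diffie-Hellman value paired with fresh nonces yields different keys.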
