The Internet Key Exchange (IKE) protocol, described in RFC 2409, is a key management protocol standard which is used in conjunction with the IPsec standard. IPsec can be configured without IKE, but IKE enhances IPsec by providing additional features, flexibility, and ease of configuration for the IPsec standard. As mentioned in the T_IPsec chapter, IPsec security associations (SAs) must exist in order for IPsec to protect network traffic. IKE manages those SAs on behalf of IPsec, and automatically negotiates protection policies between IPsec peers.

Internet Key Exchange Protocol

Overview

This module introduces the Internet Key Exchange (IKE) protocol in detail and provides an in-depth description of key management in IPsec VPNs. Detailed protocol characteristics are discussed, as well as different protection mechanisms and peer authentication schemes. Peer authentication schemes protect the key management system and are vital to the proper operation of a secure and interoperable VPN. In order to build scalable IPsec VPNs, scalable key management is needed. This module provides the student with a strong knowledge of IKE, the key management and policy agreement protocol used in IPsec VPNs.

Objectives

Upon completing this module, you will be able to:
- Identify the main purposes of the IKE protocol
- Explain how IKE interacts with IPsec

IKE Technology Introduction

Objectives

Upon completing this lesson, you will be able to:
- Describe how IKE provides key management for IPsec
- Describe two main functions of IKE: key management and policy negotiation
- Describe how IKE interacts with IPsec and its security associations (SAs)

Internet Key Exchange (IKE)

- Internet Key Exchange (RFC 2409)
- The protocol used for key management in IPsec networks
- Allows for automatic negotiation and creation of IPsec SAs between IPsec peers

Copyright 2001 Cisco Systems Inc.