Note

IKE requires an IPsec Application License.

IKE

Internet Key Exchange (IKE) is the control plane protocol providing authentication and key exchange mechanisms to establish secure Virtual Private Networks (VPNs) over Internet Protocol Security (IPsec).

IKE peers authenticate each other via native IKE methods (pre-shared keys or certificates), or via various EAP methods.

About IPsec

IPsec is a suite of protocols that provides security to Internet communications at the IP layer. The most common current use of IPsec is to provide a VPN, either between two locations (gateway-to-gateway) or between a remote user and an enterprise network (host-to-gateway). More information is available in RFC 4301.

About IKE

IKE is the key negotiation and management protocol that is most commonly used to provide dynamically negotiated and updated keying material for IPsec. IPsec and IKE can be used in conjunction with both IPv4 and IPv6.

More information is available in RFC 2409 and the latest update, RFC 7296.

The following sections explain the basics of IKE configuration, IKE authentication, advanced configuration for situational features or performance tuning, and finally a couple of example use cases.