Note
IKE requires an IPsec Application License.
IKE
Internet Key Exchange (IKE) is the control plane protocol that provides the authentication and key exchange mechanisms used to establish secure Virtual Private Networks (VPNs) built on Internet Protocol Security (IPsec).
IKE peers authenticate each other using native IKE methods (pre-shared keys or certificates) or using one of several EAP methods.
About IPsec
IPsec is a suite of protocols that provides security to Internet communications at the IP layer. The most common current use of IPsec is to provide a VPN, either between two locations (gateway-to-gateway) or between a remote user and an enterprise network (host-to-gateway). More information is available in RFC 4301.
About IKE
IKE is the key negotiation and management protocol that is most commonly used to provide dynamically negotiated and updated keying material for IPsec. IPsec and IKE can be used in conjunction with both IPv4 and IPv6.
More information is available in RFC 2409 and the latest update RFC 7296.
The following sections explain the basics of IKE configuration, IKE authentication, advanced configuration for situational features or performance tuning and finally a couple of example use cases.
- IKE Configuration Overview
- IKE authentication
- Advanced configuration, performance and scalability
  - Logging
  - Extended Sequence Number (ESN)
  - Replay window size
  - Virtual IPs and configuration attributes
  - Retransmission constants
  - Dead Peer Detection (DPD)
  - Lifetime of SA acquire messages
  - DoS protection
  - IKE worker threads
  - IKE SA hash table parameters
  - IPsec SP hash table parameters
  - Reverse route injection
  - IKEv2 Mobility and Multihoming Protocol (MOBIKE)
  - Manually clearing SAs
  - SNMP
- Use cases
- RADIUS attribute support