The Internet Key Exchange (IKE) protocol, used in the Internet Security Association and Key Management Protocol (ISAKMP), is a protocol for managing and exchanging IP Security Protocol (IPsec) keys. The IKE protocol provides a standardized method for authenticating IPsec communication partners and generating shared keys. With public-key methods, digital certificates and a public key infrastructure (PKI) can be used for this purpose. Alternatively, pre-shared keys (PSK) can be used.
In the IKE protocol, the transaction between two instances takes place in two phases. In the first phase, the protocol establishes a communication link with relatively weak security mechanisms, which is used to secure and authenticate further management operations. In the second phase, the two entities negotiate and establish the security protocol to be used. The required keys are also generated in this phase. When establishing a connection, RSA public-key encryption is used, over which a symmetric key for an algorithm such as DES or RC4 is generated.
To establish a secure connection, several parameters must be exchanged that dictate the type of encryption, the algorithm, the key, and its validity period. All these parameters are described in the Security Association (SA).
Version 2, IKEv2, is an improved variant of the IKE protocol and replaces it. IKEv2 is based on IPsec and uses it to establish a secure connection for the Virtual Private Network (VPN). The Internet Key Exchange Protocol originates from the Internet Engineering Task Force and is described in RFCs 2409 and 4306.
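The two phases and the two protocol versions described above can be told apart from the fixed 28-byte header that starts every IKE message. The following Python parser is an added example, not part of the original text; it assumes plain IKE over UDP port 500, and the function name and sample messages are constructed for illustration.

```python
import struct

# Fixed header: two 8-byte cookies (SPIs in IKEv2), next payload, version,
# exchange type, flags, message ID, total length. All in network byte order.
HEADER = struct.Struct("!8s8sBBBBII")

# (major version, exchange type) -> (name, IKEv1 phase or None)
EXCHANGES = {
    (1, 2): ("Main Mode", 1),
    (1, 4): ("Aggressive Mode", 1),
    (1, 5): ("Informational", None),
    (1, 32): ("Quick Mode", 2),
    (2, 34): ("IKE_SA_INIT", None),
    (2, 35): ("IKE_AUTH", None),
    (2, 36): ("CREATE_CHILD_SA", None),
    (2, 37): ("INFORMATIONAL", None),
}


def parse_ike_header(datagram: bytes) -> dict:
    """Parse the fixed header of one IKE message (a UDP payload)."""
    if len(datagram) < HEADER.size:
        raise ValueError("shorter than the 28-byte IKE header")
    (init_cookie, resp_cookie, _next_payload, version,
     exch, flags, msg_id, length) = HEADER.unpack_from(datagram)
    major, minor = version >> 4, version & 0x0F
    if major not in (1, 2):
        raise ValueError(f"unsupported IKE major version {major}")
    if length < HEADER.size or length > len(datagram):
        raise ValueError("length field inconsistent with datagram size")
    name, phase = EXCHANGES.get((major, exch), (f"unknown ({exch})", None))
    return {
        "version": f"{major}.{minor}",
        "exchange": name,
        "phase": phase,
        # An all-zero responder cookie marks the very first message.
        "first_message": resp_cookie == bytes(8),
        "encrypted_v1": major == 1 and bool(flags & 0x01),
        "message_id": msg_id,
        "length": length,
    }


# Constructed sample headers (not captured traffic).
_I, _R = bytes.fromhex("1122334455667788"), bytes.fromhex("99aabbccddeeff00")
SAMPLE_V1_MAIN = HEADER.pack(_I, bytes(8), 1, 0x10, 2, 0x00, 0, 28)
SAMPLE_V1_QUICK = HEADER.pack(_I, _R, 8, 0x10, 32, 0x01, 0x0BADC0DE, 28)
SAMPLE_V2_INIT = HEADER.pack(_I, bytes(8), 33, 0x20, 34, 0x08, 0, 28)
```

In IKEv1, phase 1 messages carry a message ID of zero, while each phase 2 Quick Mode exchange uses its own non-zero message ID and is encrypted under the phase 1 SA.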