Options
ISAKMP and IKE
Hi,
Can anyone help me understand the ISKAMP and IKE please? I can't seem to solidify my understanding of the two.
IKE negotiates the keys used for ISKAMP and IPSec, but what is the main purpose of the ISKAMP?
Thanks in advance!
Can anyone help me understand the ISKAMP and IKE please? I can't seem to solidify my understanding of the two.
IKE negotiates the keys used for ISKAMP and IPSec, but what is the main purpose of the ISKAMP?
Thanks in advance!
Comments
-
Options
Bl8ckr0uter
Inactive Imported Users Posts: 5,031 ■■■■■■■■□□
ISAKMP defines the procedures for authenticating a communicating peer, creation and management of Security Associations, key generation techniques, and threat mitigation (e.g. denial of service and replay attacks). As a framework,[1] ISAKMP is typically utilized by IKE for key exchange, although other methods have been implemented such as Kerberized Internet Negotiation of Keys.
https://secure.wikimedia.org/wikipedia/en/wiki/Internet_Security_Association_and_Key_Management_Protocol -
Options
CK121
Member Posts: 15 ■□□□□□□□□□
I have read that already - I always find the wiki entries a little difficult to understand to get my head around things. Thanks all the same.
-
Options
QHalo
Member Posts: 1,488
ttp://www.ietf.org/rfc/rfc2408.txt
ISAKMP is used to negotiate policies between the peers. It's used during IKE phase 1 and if it fails to find a policy that both peers can agree on, it will not complete the SA and move to phase 2 which is transform negotiation. -
Options
Darril
Member Posts: 1,588
The challenge here is that you're looking for a simplified explanation of a complex topic and I think your basic premise (IKE negotiates the keys used for ISKMP and IPsec) isn't quite right.
Internet Key Exchange (IKE) is used for security associations for IPsec. In other words, it helps both parties in a conversation identify the strongest protocol, create encryption/decryption keys for this protocol, and share them with the other party.
IKE does not negotiate keys for ISAKMP. Instead, IKE is a hybrid of ISAKMP and OAKLEY. It's kind of like looking at a car and a motorcycle and combining them to create a trike. You'll use some elements from the car, some from the motorcycle, and you'll create others to meet your needs. Is the trike a car? Not exactly. But can the trike transport people? Sure. It just does so in a slightly different way.
Similarly, IKE was created by using elements of ISAKMP and OAKLEY.
This RFC describes Internet Security Association and Key Management Protocol (ISAKMP) but doesn't mention IKE at all.
RFC 2408 - Internet Security Association and Key Management Protocol (ISAKMP).
This RFC describes The Internet Key Exchange (IKE) RFC 2409 - The Internet Key Exchange (IKE) and explains how ISAKMP and Oakley is used within it.
HTH,
Darril Gibson
Security+ blog
Security+ Tip Of Day -
OptionsCK121
Member Posts: 15 ■□□□□□□□□□
Thanks everyone for your help. Things are starting to look clearer now.