ISAKMP and IKE
CK121
Hi,
Can anyone help me understand the ISAKMP and IKE please? I can't seem to solidify my understanding of the two.
IKE negotiates the keys used for ISAKMP and IPSec, but what is the main purpose of the ISAKMP?
Thanks in advance!
Comments
Bl8ckr0uter
ISAKMP defines the procedures for authenticating a communicating peer, creation and management of Security Associations, key generation techniques, and threat mitigation (e.g. denial of service and replay attacks). As a framework, ISAKMP is typically utilized by IKE for key exchange, although other methods have been implemented such as Kerberized Internet Negotiation of Keys.
https://secure.wikimedia.org/wikipedia/en/wiki/Internet_Security_Association_and_Key_Management_Protocol
CK121
I have read that already - I always find the wiki entries a little difficult to understand to get my head around things. Thanks all the same.
QHalo
http://www.ietf.org/rfc/rfc2408.txt
ISAKMP is used to negotiate policies between the peers. It's used during IKE phase 1 and if it fails to find a policy that both peers can agree on, it will not complete the SA and move to phase 2 which is transform negotiation.
Darril
The challenge here is that you're looking for a simplified explanation of a complex topic and I think your basic premise (IKE negotiates the keys used for ISAKMP and IPsec) isn't quite right.
Internet Key Exchange (IKE) is used for security associations for IPsec. In other words, it helps both parties in a conversation identify the strongest protocol, create encryption/decryption keys for this protocol, and share them with the other party.
IKE does not negotiate keys for ISAKMP. Instead, IKE is a hybrid of ISAKMP and OAKLEY. It's kind of like looking at a car and a motorcycle and combining them to create a trike. You'll use some elements from the car, some from the motorcycle, and you'll create others to meet your needs. Is the trike a car? Not exactly. But can the trike transport people? Sure. It just does so in a slightly different way.
Similarly, IKE was created by using elements of ISAKMP and OAKLEY.
This RFC describes Internet Security Association and Key Management Protocol (ISAKMP) but doesn't mention IKE at all: RFC 2408 - Internet Security Association and Key Management Protocol (ISAKMP).
This RFC describes The Internet Key Exchange (IKE), RFC 2409 - The Internet Key Exchange (IKE), and explains how ISAKMP and Oakley are used within it.
HTH,
Darril Gibson
Security+ blog
Security+ Tip Of Day
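Added example, not written by any poster in this thread: a decoder for the fixed ISAKMP header from RFC 2408 that labels each message with the IKE stage it belongs to, showing that IKE messages travel in the ISAKMP message format. The function name and the two header-only sample messages are constructed for illustration.

```python
import struct

# Fixed 28-byte ISAKMP header (RFC 2408, section 3.1): initiator cookie,
# responder cookie, next payload, version, exchange type, flags,
# message ID, total message length.
HEADER = struct.Struct("!8s8sBBBBII")

# Exchange types 1-5 are defined by ISAKMP itself (RFC 2408);
# 32 and 33 are added by IKE (RFC 2409).
EXCHANGES = {
    1: ("Base", "ISAKMP"),
    2: ("Identity Protection, used as IKE Main Mode", "IKE phase 1"),
    3: ("Authentication Only", "ISAKMP"),
    4: ("Aggressive, used as IKE Aggressive Mode", "IKE phase 1"),
    5: ("Informational", "ISAKMP"),
    32: ("Quick Mode", "IKE phase 2"),
    33: ("New Group Mode", "IKE"),
}

def parse_isakmp_header(datagram: bytes) -> dict:
    """Decode the fixed header and name the IKE stage the message belongs to."""
    if len(datagram) < HEADER.size:
        raise ValueError("shorter than the 28-byte ISAKMP header")
    icookie, rcookie, next_payload, version, xchg, flags, msg_id, length = \
        HEADER.unpack_from(datagram)
    if length < HEADER.size or length > len(datagram):
        raise ValueError("length field inconsistent with datagram size")
    exchange, stage = EXCHANGES.get(xchg, ("not listed here", "unknown"))
    return {
        "initiator_cookie": icookie.hex(),
        "responder_cookie": rcookie.hex(),
        "next_payload": next_payload,
        "version": f"{version >> 4}.{version & 0x0F}",
        "exchange": exchange,
        "stage": stage,
        "encrypted": bool(flags & 0x01),   # Encryption bit in the flags field
        "message_id": msg_id,              # 0 throughout phase 1
    }

# Constructed header-only samples (not captured traffic).
FIRST_MAIN_MODE = HEADER.pack(bytes.fromhex("1122334455667788"), bytes(8),
                              1, 0x10, 2, 0x00, 0, 28)
QUICK_MODE = HEADER.pack(bytes.fromhex("1122334455667788"),
                         bytes.fromhex("99aabbccddeeff00"),
                         8, 0x10, 32, 0x01, 0x0000BEEF, 28)

if __name__ == "__main__":
    for sample in (FIRST_MAIN_MODE, QUICK_MODE):
        print(parse_isakmp_header(sample))
```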
CK121
Thanks everyone for your help. Things are starting to look clearer now.