In IPSec, a SA between any two devices will contain all relevant information such, as the cryptographic algorithm in use.
A cryptographic algorithm is the science of cryptography. This field of science includes the exact details of encryption algorithms, digital signatures, and key agreement algorithms.
A simple two-router network requires four SAs, two for each router. (IPSec requires two SAs on each router for two-way communication.)
Clearly, for a large network, this would not scale. IKE offers a scalable solution to configuration, and key exchange management.
IKE was designed to negotiate and provide authenticated keys in a secure manner.
IKE has two phases. In phase I, the cryptographic operation involves the ...