O'Reilly logo

IPSec: The New Security Standard for the Internet, Intranets, and Virtual Private Networks, Second Edition by Dan Harkins, Naganand Doraswamy

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Chapter 7. The Internet Key Exchange

Prior to an IP packet being secured by IPSec, a security association (SA) must exist. The Internet Key Exchange (IKE) creates SAs dynamically on behalf of IPSec and populates and manages the Security Association Database (SADB).

IKE, described in RFC2409, is a hybrid protocol. It is based on a framework defined by the Internet Security Association and Key Management Protocol (ISAKMP), defined in RFC2408, and implements parts of two key management protocols—Oakley and SKEME. In addition IKE defines two exchanges of its own.

Oakley is a protocol developed by Hilarie Orman, a cryptographer from the University of Arizona. It is a free-form protocol that allows each party to advance the state of the protocol at its ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required