
IKE SA, Oakley and ISAKMP tutorials - IPSec settings

IKE (Internet Key Exchange)

Internet Key Exchange is a combination of the ISAKMP (Internet Security Association and Key Management Protocol) and Oakley protocols. IKE provides the secure exchange of cryptographic keys between two IPSec endpoints, for example two VPN gateways, and defines the methods by which endpoints using IPSec authenticate to each other.

IKE operates in two phases. In phase 1, mutual authentication is performed using pre-shared keys, and the encryption and integrity session keys are generated. The phase 1 key exchange can be carried out in either main mode or aggressive mode. In phase 2, a security association (SA) is established using the quick mode exchange, which negotiates the methods the two IPSec endpoints will use to encrypt their traffic.


IKE Version 2 (Internet Key Exchange version 2)

IKE version 2 was produced to overcome some of the problems and vulnerabilities of IKE version 1, such as its exposure to DoS attacks and the complexity of the framework.


Oakley Key Determination Protocol

Oakley is used alongside ISAKMP, and the combination is now commonly known as IKE (Internet Key Exchange). Oakley is the protocol that carries out the key exchange negotiation between the two peers: once both ends have been authenticated, they agree on secure, secret keying material. Oakley is based on the Diffie-Hellman key agreement algorithm, which lets two gateways agree on a shared key without ever sending that key itself over the network.
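A worked illustration of the phase 1 exchange described above and of the Oakley Diffie-Hellman step, as an added example that is not part of this page: both peers compute the same g^xy without it crossing the wire, then derive SKEYID and the SKEYID_d, SKEYID_a and SKEYID_e keys from the pre-shared key as RFC 2409 specifies for pre-shared-key authentication. The cookie and nonce values, the 256-bit private exponents, HMAC-SHA1 as the negotiated prf and the function names are assumptions of this example.

```python
import hashlib
import hmac
import secrets

# 1024-bit MODP prime, Oakley group 2 (RFC 2409 section 6.2); generator g = 2.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
G = 2


def prf(key: bytes, data: bytes) -> bytes:
    """IKE pseudo-random function: HMAC keyed with the negotiated hash (SHA-1 assumed here)."""
    return hmac.new(key, data, hashlib.sha1).digest()


def dh_keypair():
    """Oakley/Diffie-Hellman: a private exponent x and the public value g^x mod p sent to the peer."""
    x = secrets.randbits(256)  # assumed exponent size for this example
    return x, pow(G, x, P)


def phase1_keys(psk: bytes, ni: bytes, nr: bytes, gxy: int, cky_i: bytes, cky_r: bytes) -> dict:
    """Derive IKEv1 phase 1 keying material for pre-shared-key authentication (RFC 2409 section 5)."""
    gxy_b = gxy.to_bytes((P.bit_length() + 7) // 8, "big")
    skeyid = prf(psk, ni + nr)                                   # SKEYID = prf(psk, Ni_b | Nr_b)
    skeyid_d = prf(skeyid, gxy_b + cky_i + cky_r + b"\x00")       # seed for phase 2 (quick mode) SA keys
    skeyid_a = prf(skeyid, skeyid_d + gxy_b + cky_i + cky_r + b"\x01")  # integrity key for ISAKMP messages
    skeyid_e = prf(skeyid, skeyid_a + gxy_b + cky_i + cky_r + b"\x02")  # encryption key for ISAKMP messages
    return {"SKEYID": skeyid, "SKEYID_d": skeyid_d, "SKEYID_a": skeyid_a, "SKEYID_e": skeyid_e}


def simulate_phase1(psk_initiator: bytes, psk_responder: bytes):
    """Run one phase 1 exchange between an initiator and a responder; return each side's derived keys."""
    # Constructed sample values for the ISAKMP cookies and the nonces each side contributes.
    cky_i, cky_r = secrets.token_bytes(8), secrets.token_bytes(8)
    ni, nr = secrets.token_bytes(16), secrets.token_bytes(16)
    xi, gxi = dh_keypair()  # initiator's private exponent and public value
    xr, gxr = dh_keypair()  # responder's private exponent and public value
    # Each side combines its own private exponent with the peer's public value; only gxi and gxr
    # travel over the network, yet both sides arrive at the same g^xy.
    gxy_initiator = pow(gxr, xi, P)
    gxy_responder = pow(gxi, xr, P)
    keys_i = phase1_keys(psk_initiator, ni, nr, gxy_initiator, cky_i, cky_r)
    keys_r = phase1_keys(psk_responder, ni, nr, gxy_responder, cky_i, cky_r)
    return keys_i, keys_r
```

A peer holding a different pre-shared key derives a different SKEYID, so the authentication hash it sends will not verify and phase 1 fails, which is the check that a mismatched PSK on one gateway shows up as.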


ISAKMP (Internet Security Association and Key Management Protocol)

ISAKMP is the key exchange architecture, or framework, used within IPSec; it manages the exchange of keys between the two endpoints.


Some of the key requirements met by ISAKMP:

Management of keys

Authentication - to authenticate peer gateway devices

Manage Security Associations

Protection against denial-of-service and replay attacks


ISAKMP is also commonly referred to as IKE (Internet Key Exchange) or as ISAKMP/Oakley.

Further Reading

Wikipedia's guide to Internet Key Exchange