30-21
Cisco Router and Security Device Manager Version 2.2 Users Guide
OL-4015-08
Chapter 30 More About...
More About VPN
More About IKE
IKE handles the following tasks:
Authentication
Session Negotiation
Key Exchange
IPSec Tunnel Negotiation and Configuration
Authentication
Authentication is arguably the most important task that IKE accomplishes, and it
certainly is the most complicated. Whenever you negotiate something, it is of
utmost importance that you know with whom you are negotiating. IKE can use
one of several methods to authenticate negotiating parties to each other.
• Pre-shared Key. IKE uses a hashing technique to ensure that only someone
who possesses the same key could have sent the IKE packets.
• DSS or RSA digital signatures. IKE uses public-key digital-signature
cryptography to verify that each party is whom he or she claims to be.
• RSA encryption. IKE uses one of two methods to encrypt enough of the
negotiation to ensure that only a party with the correct private key could
continue the negotiation.
Note: SDM supports the pre-shared key method of authentication.

Session Negotiation

During session negotiation, IKE allows parties to negotiate how they will conduct
authentication and how they will protect any future negotiations (that is, IPSec
tunnel negotiation). The following items are negotiated:
• Authentication Method. This is one of the authentication methods listed
above.
• Key Exchange Algorithm. This is a mathematical technique for securely
exchanging cryptographic keys over a public medium (that is,
Diffie-Hellman). The keys are used in the encryption and packet-signature
algorithms.
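The two ideas above, a Diffie-Hellman key exchange and pre-shared-key authentication of the parties, are easiest to see together. The following Python is an added illustration written for this guide page; it is not SDM or Cisco IOS code and it does not produce IKE wire packets. It models the pre-shared-key mode of IKE phase 1 in the way RFC 2409 describes it (SKEYID = prf(pre-shared-key, Ni_b | Nr_b), with the authenticating hash keyed by SKEYID and bound to both Diffie-Hellman public values and the sender's identity), using HMAC-SHA256 as the prf. The Diffie-Hellman group is a deliberately tiny toy group (the prime 2^127-1 with generator 5), not one of the real IKE MODP groups, and the nonces and private exponents are constructed inputs chosen so the run is repeatable.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group used only so the arithmetic is readable.
# Real IKE uses the MODP groups of RFC 2409 / RFC 3526; this is an assumption
# for illustration, not a group any IKE implementation negotiates.
P = (1 << 127) - 1   # Mersenne prime 2^127 - 1
G = 5
GROUP_BYTES = 16     # every public value fits in 16 bytes for this P


def dh_keypair(private=None):
    """Return (private exponent, public value g^x mod p)."""
    x = private if private is not None else secrets.randbelow(P - 3) + 2
    return x, pow(G, x, P)


def dh_shared(private, peer_public):
    """Both sides compute the same g^(xy) mod p from their own secret."""
    return pow(peer_public, private, P)


def prf(key: bytes, data: bytes) -> bytes:
    # IKE calls its keyed pseudo-random function "prf"; HMAC-SHA256 here.
    return hmac.new(key, data, hashlib.sha256).digest()


def skeyid_psk(psk: bytes, nonce_i: bytes, nonce_r: bytes) -> bytes:
    # RFC 2409 pre-shared-key mode: SKEYID = prf(pre-shared-key, Ni_b | Nr_b).
    # Only a party holding the same PSK can compute this value.
    return prf(psk, nonce_i + nonce_r)


def auth_hash(skeyid: bytes, pub_sender: int, pub_receiver: int,
              identity: bytes) -> bytes:
    # Simplified HASH_I / HASH_R: binds the DH public values and the sender's
    # identity under SKEYID, so a mismatched PSK yields a mismatched hash.
    data = (pub_sender.to_bytes(GROUP_BYTES, "big")
            + pub_receiver.to_bytes(GROUP_BYTES, "big")
            + identity)
    return prf(skeyid, data)


def run_exchange(psk_initiator: bytes, psk_responder: bytes,
                 priv_i=None, priv_r=None,
                 nonce_i=None, nonce_r=None):
    """Run one phase-1-style exchange and report what each side concludes."""
    nonce_i = nonce_i or secrets.token_bytes(16)
    nonce_r = nonce_r or secrets.token_bytes(16)
    id_i, id_r = b"initiator@example.invalid", b"responder@example.invalid"

    # Diffie-Hellman: public values cross the wire, secrets never do.
    xi, pub_i = dh_keypair(priv_i)
    xr, pub_r = dh_keypair(priv_r)
    secret_i = dh_shared(xi, pub_r)
    secret_r = dh_shared(xr, pub_i)

    # Each side derives SKEYID from ITS OWN copy of the pre-shared key.
    skeyid_i = skeyid_psk(psk_initiator, nonce_i, nonce_r)
    skeyid_r = skeyid_psk(psk_responder, nonce_i, nonce_r)

    # Each side sends its authenticator; the peer recomputes and compares.
    hash_i_sent = auth_hash(skeyid_i, pub_i, pub_r, id_i)
    hash_r_sent = auth_hash(skeyid_r, pub_r, pub_i, id_r)
    hash_i_expected = auth_hash(skeyid_r, pub_i, pub_r, id_i)
    hash_r_expected = auth_hash(skeyid_i, pub_r, pub_i, id_r)

    return {
        "shared_secret_matches": secret_i == secret_r,
        "responder_accepts_initiator":
            hmac.compare_digest(hash_i_sent, hash_i_expected),
        "initiator_accepts_responder":
            hmac.compare_digest(hash_r_sent, hash_r_expected),
    }


if __name__ == "__main__":
    print("same PSK:     ", run_exchange(b"s3cret", b"s3cret"))
    print("different PSK:", run_exchange(b"s3cret", b"wrong"))
```

The second run is the instructive one: Diffie-Hellman alone still gives both parties an identical shared secret even when their pre-shared keys differ, so key exchange by itself says nothing about who is on the other end. It is the PSK-keyed hash over the exchanged public values that fails, which is exactly the authentication role the text assigns to IKE. It also shows why, with this method, the whole of phase-1 authentication rests on the secrecy and entropy of the configured pre-shared key.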