IKE Overview
The IKE suite of protocols allows a pair of security gateways to:
- Dynamically establish a secure tunnel over which the security gateways can exchange tunnel and key information.
- Set up user-level tunnels or SAs, including tunnel attribute negotiations and key management. These tunnels can also be refreshed and terminated on top of the same secure channel.
IKE is based on the Oakley and Skeme key determination protocols and the ISAKMP framework for key exchange and security association establishment. IKE provides:
- Automatic key refreshing on configurable timeout
- Support for public key infrastructure (PKI) authentication systems
- Antireplay defense
IKE is layered on UDP and uses UDP port 500 to exchange IKE information between the security gateways. Therefore, UDP port 500 packets must be permitted on any IP interface involved in connecting a security gateway peer.
The following sections expand on the IKE functionality available for the router.
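As an added example (not part of this documentation or the router's own code), the following Python decodes the fixed 28-byte ISAKMP header that every IKE message carried over UDP port 500 begins with. It is the kind of check a defender watching that port would run to see which IKE version a peer speaks, whether a datagram opens a new SA, and whether its payloads are encrypted. The sample datagrams are constructed inside the block with filler SPI and body bytes; they are not captured traffic, and the function and constant names are this example's own.

```python
"""Decode the fixed ISAKMP/IKE header of a UDP/500 datagram (added example)."""
import struct
from dataclasses import dataclass

ISAKMP_HEADER_LEN = 28              # fixed header size (RFC 2408 / RFC 7296)
ISAKMP_HEADER_FMT = "!8s8sBBBBII"  # I-SPI, R-SPI, next payload, version, exchange, flags, msg id, length
IKEV1_ENCRYPTION_FLAG = 0x01        # IKEv1: bit 0 of Flags marks encrypted payloads
IKEV2_SK_PAYLOAD = 46               # IKEv2: Encrypted and Authenticated (SK) payload type

EXCHANGE_TYPES = {
    2: "IKEv1 Identity Protection (Main Mode)",
    4: "IKEv1 Aggressive Mode",
    5: "IKEv1 Informational",
    32: "IKEv1 Quick Mode",
    34: "IKEv2 IKE_SA_INIT",
    35: "IKEv2 IKE_AUTH",
    36: "IKEv2 CREATE_CHILD_SA",
    37: "IKEv2 INFORMATIONAL",
}


@dataclass(frozen=True)
class IsakmpHeader:
    initiator_spi: bytes
    responder_spi: bytes
    next_payload: int
    major_version: int
    minor_version: int
    exchange_type: int
    flags: int
    message_id: int
    length: int

    @property
    def exchange_name(self) -> str:
        return EXCHANGE_TYPES.get(self.exchange_type, f"unknown({self.exchange_type})")

    @property
    def encrypted(self) -> bool:
        # IKEv1 signals encryption with a header flag; IKEv2 with the SK payload.
        if self.major_version == 1:
            return bool(self.flags & IKEV1_ENCRYPTION_FLAG)
        return self.next_payload == IKEV2_SK_PAYLOAD

    @property
    def new_sa(self) -> bool:
        # The first message toward a peer carries an all-zero responder SPI/cookie.
        return self.responder_spi == bytes(8)


def parse_isakmp_header(datagram: bytes) -> IsakmpHeader:
    """Parse and sanity-check the header; raise ValueError on malformed input."""
    if len(datagram) < ISAKMP_HEADER_LEN:
        raise ValueError("datagram shorter than the 28-byte ISAKMP header")
    fields = struct.unpack(ISAKMP_HEADER_FMT, datagram[:ISAKMP_HEADER_LEN])
    ispi, rspi, next_payload, version, exchange, flags, message_id, length = fields
    hdr = IsakmpHeader(ispi, rspi, next_payload, version >> 4, version & 0x0F,
                       exchange, flags, message_id, length)
    if hdr.major_version not in (1, 2):
        raise ValueError(f"unsupported IKE major version {hdr.major_version}")
    if hdr.length != len(datagram):
        raise ValueError(f"header length {hdr.length} != datagram length {len(datagram)}")
    return hdr


def summarize(datagram: bytes) -> dict:
    """One monitoring record per datagram: version, exchange, new-SA and encryption state."""
    hdr = parse_isakmp_header(datagram)
    return {
        "version": f"{hdr.major_version}.{hdr.minor_version}",
        "exchange": hdr.exchange_name,
        "new_sa": hdr.new_sa,
        "encrypted": hdr.encrypted,
        "message_id": hdr.message_id,
    }


def build_datagram(version_byte, next_payload, exchange_type, flags, message_id, body,
                   initiator_spi=b"\x11" * 8, responder_spi=bytes(8)) -> bytes:
    """Assemble a header plus opaque body; used here only to construct samples."""
    header = struct.pack(ISAKMP_HEADER_FMT, initiator_spi, responder_spi, next_payload,
                         version_byte, exchange_type, flags, message_id,
                         ISAKMP_HEADER_LEN + len(body))
    return header + body


# Constructed samples (not captured traffic); SPI and body bytes are arbitrary filler.
SAMPLE_IKEV1_MAIN_MODE = build_datagram(0x10, 1, 2, 0x00, 0, b"\x00" * 8)   # next payload 1 = SA
SAMPLE_IKEV2_SA_INIT = build_datagram(0x20, 33, 34, 0x08, 0, b"\x00" * 8)  # 33 = SA, 0x08 = Initiator
SAMPLE_IKEV2_AUTH = build_datagram(0x20, IKEV2_SK_PAYLOAD, 35, 0x08, 1, b"\x00" * 8,
                                   responder_spi=b"\x22" * 8)

if __name__ == "__main__":
    for name, dg in [("v1 main mode", SAMPLE_IKEV1_MAIN_MODE),
                     ("v2 IKE_SA_INIT", SAMPLE_IKEV2_SA_INIT),
                     ("v2 IKE_AUTH", SAMPLE_IKEV2_AUTH)]:
        print(name, summarize(dg))
```

The parser rejects datagrams whose header length disagrees with the UDP payload length, which catches truncation and trailing garbage before any payload is interpreted. It assumes plain port 500 framing; where NAT traversal is in use, IKE also runs on UDP port 4500 with a 4-byte non-ESP marker ahead of this header, which would have to be stripped first.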