1.3 Overview

The Internet Key Exchange (IKE) Protocol version 1 is used to negotiate security associations (SAs), as specified in [RFC2409], for the purpose of keying Authentication Header (AH) and Encapsulating Security Payload (ESP) packet transformations. For more information about AH and ESP, see [RFC4302] and [RFC4303], respectively. For the general security architecture of IPsec, see [RFC4301].

The IKE Protocol version 1 is specified in [RFC2409] and is closely tied to [RFC2407] and [RFC2408]. In addition, IKE is clearly the most commonly implemented protocol that uses [RFC2407] and [RFC2408]. Also, version 2 of the IKE protocol is specified by a single Request for Comments [RFC4306]. For these reasons, industry practice supports use of the term IKE to collectively refer to [RFC2407], [RFC2408], [RFC2409], and more recently, [RFC4306].

In the remainder of this document, the term IKE collectively applies to [RFC2407], [RFC2408], [RFC2409], and [RFC4306]. Where applicable, the appropriate section of each RFC is referenced in the document.<1>

This document specifies the extensions to IKE. Each of these IKE extensions is independent and can be implemented in isolation. There is no sequencing between the individual extensions. An implementation of this protocol can support any combination of these IKE extensions.<2>