1.

Explain How IKE/ISAKMP Works?

Answer»

IKE is a two-phase protocol:

Phase 1:

IKE phase 1 negotiates the following:-

1. It protects the phase 1 communication itself (using crypto and hash algorithms).

2. It generates the session key using Diffie-Hellman groups.

3. Peers authenticate each other using pre-shared keys, public key encryption, or digital signatures.

4. It also protects the negotiation of phase 2 communication.

There are two modes in IKE phase 1:-

Main mode - A total of six messages are exchanged in main mode to establish the phase 1 SA.

Aggressive mode - It is faster than main mode, as only three messages are exchanged in this mode to establish the phase 1 SA. It is faster but less secure.

At the end of phase 1, a bidirectional ISAKMP/IKE SA (phase 1 SA) is established for IKE communication.

Phase 2:

IKE phase 2 protects the user data and establishes SA for IPsec.

There is one mode in IKE phase 2:-

Quick mode - In this mode three messages are exchanged to establish the phase 2 IPsec SA.

At the end of phase 2 negotiations, two unidirectional IPsec SAs (phase 2 SAs) are established for user data, one for sending and another for receiving encrypted data.
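The phases and modes described above can be told apart on the wire from the fixed ISAKMP header. The following is an added example, not part of the original answer: the header layout and exchange-type numbers come from RFC 2408/2409 rather than from this page, the function names are hypothetical, the input is assumed to be a UDP/500 payload, and the sample datagrams are constructed.

```python
import struct

# ISAKMP fixed header, RFC 2408 section 3.1 (28 bytes, network byte order):
# initiator cookie, responder cookie, next payload, version, exchange type,
# flags, message ID, total length.
HEADER = struct.Struct("!8s8sBBBBII")
EXCHANGES = {2: ("phase 1", "main mode"),
             4: ("phase 1", "aggressive mode"),
             32: ("phase 2", "quick mode")}
FLAG_ENCRYPTED = 0x01


def parse_header(datagram: bytes) -> dict:
    """Decode the ISAKMP header of one IKEv1 datagram (UDP/500 payload)."""
    if len(datagram) < HEADER.size:
        raise ValueError("shorter than the 28-byte ISAKMP header")
    _, _, _, version, xchg, flags, msg_id, length = HEADER.unpack_from(datagram)
    if version >> 4 != 1:
        raise ValueError("major version is not 1 (not IKEv1)")
    if not HEADER.size <= length <= len(datagram):
        raise ValueError("length field does not match the datagram")
    phase, mode = EXCHANGES.get(xchg, ("other", "exchange type %d" % xchg))
    return {"phase": phase, "mode": mode, "message_id": msg_id,
            "encrypted": bool(flags & FLAG_ENCRYPTED)}


def review(datagram: bytes) -> list:
    """Findings under an assumed policy that only main mode is allowed."""
    h = parse_header(datagram)
    findings = []
    if h["mode"] == "aggressive mode":
        findings.append("aggressive mode in use; main mode expected")
    if h["phase"] == "phase 1" and h["message_id"] != 0:
        findings.append("phase 1 message with non-zero message ID")
    if h["phase"] == "phase 2" and not h["encrypted"]:
        findings.append("quick mode message not protected by the phase 1 SA")
    return findings


def sample(xchg: int, flags: int, msg_id: int) -> bytes:
    """Constructed header-only datagram for the demo (cookies are made up)."""
    return HEADER.pack(b"\x11" * 8, b"\x22" * 8, 1, 0x10, xchg, flags, msg_id, HEADER.size)


if __name__ == "__main__":
    for pkt in (sample(2, 0, 0), sample(4, 0, 0),
                sample(32, FLAG_ENCRYPTED, 0x5A5A5A5A)):
        print(parse_header(pkt)["mode"], review(pkt))
```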



