Internet Key Exchange (IKE)

Also known as: IKE, IKEv1, IKEv2

IKE is another protocol used to set up secure, authenticated communication between two devices. Typically, IKE uses X.509 certificates for authentication and a Diffie-Hellman key exchange to establish a shared session secret. IKE is used to set up a security association (SA) in the IPsec protocol suite.

IKE consists of 2 phases:

  • In Phase 1, IKE creates an authenticated connection between the peers
  • In Phase 2, IKE negotiates the IPsec Security Associations and generates the keys used to protect the communication

There are two versions of IKE: IKEv1 and IKEv2. IKEv2 improves on IKEv1 by reducing bandwidth consumption, supporting more authentication methods, and including features such as NAT traversal and dead tunnel detection by default.
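
The version and phase of an IKE message can be read from its fixed 28-byte header, which is useful when triaging traffic captured on UDP 500 or 4500. The following is an added example, not part of the original entry: it goes beyond the text by using the header layout and exchange type numbers from RFC 2408/2409 (IKEv1) and RFC 7296 (IKEv2). The "Phase 1/2 equivalent" labels for IKEv2 and the `constructed_sample` helper are this example's own assumptions.

```python
import struct

# ISAKMP/IKE fixed header (RFC 2408 / RFC 7296): 28 bytes, network byte order.
# initiator SPI, responder SPI, next payload, version, exchange, flags, msg ID, length
HEADER = struct.Struct("!8s8sBBBBII")

# major version -> exchange type -> (name, role in the two-phase model above).
# The IKEv2 "equivalent" labels are this example's mapping, not RFC terminology.
EXCHANGES = {
    1: {2: ("Main Mode", "Phase 1"),
        4: ("Aggressive Mode", "Phase 1"),
        5: ("Informational", "notification"),
        32: ("Quick Mode", "Phase 2")},
    2: {34: ("IKE_SA_INIT", "Phase 1 equivalent"),
        35: ("IKE_AUTH", "Phase 1 equivalent"),  # also sets up the first Child SA
        36: ("CREATE_CHILD_SA", "Phase 2 equivalent"),
        37: ("INFORMATIONAL", "notification")},
}

def classify_ike(datagram: bytes) -> dict:
    """Classify one UDP payload from port 500 or 4500 by IKE version and phase."""
    # With NAT traversal (UDP 4500) IKE is prefixed by a 4-byte zero non-ESP marker.
    if datagram[:4] == b"\x00" * 4:
        datagram = datagram[4:]
    if len(datagram) < HEADER.size:
        raise ValueError("too short for an IKE header")
    i_spi, r_spi, _next, version, exch, _flags, msg_id, length = HEADER.unpack_from(datagram)
    major, minor = version >> 4, version & 0x0F
    if major not in EXCHANGES:
        raise ValueError(f"unsupported IKE major version {major}")
    if length < HEADER.size or length > len(datagram):
        raise ValueError("length field inconsistent with datagram size")
    name, phase = EXCHANGES[major].get(exch, (f"unknown({exch})", "unknown"))
    return {"version": f"IKEv{major}", "minor": minor, "exchange": name,
            "phase": phase, "initiator_spi": i_spi.hex(),
            "responder_spi_unset": r_spi == b"\x00" * 8, "message_id": msg_id}

def constructed_sample(major, exch, r_spi=b"\x00" * 8, msg_id=0, natt=False) -> bytes:
    """Build a header-only datagram (constructed test data, not captured traffic)."""
    hdr = HEADER.pack(b"\x11" * 8, r_spi, 0, major << 4, exch, 0, msg_id, HEADER.size)
    return (b"\x00" * 4 if natt else b"") + hdr

if __name__ == "__main__":
    for pkt in (constructed_sample(2, 34),
                constructed_sample(1, 32, b"\x22" * 8, msg_id=7, natt=True)):
        print(classify_ike(pkt))
```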