IPset Network Segmentation Virtual Tunnel Interface (VTI) Encapsulating Security Payload (ESP) Network Address Translation (NAT) Source/Destination Check Subnet TLS Cipher Suite VPC 3DES Advanced Encryption Standard Autonomous System Border Gateway Protocol CIDR Clientpack Destination NAT Diffie-Helman Encryption Internet Key Exchange (IKE) IP Forwarding Maximum Transmission Unit (MTU) Network Sniffer OpenVPN Overlay Network Perfect Forward Secrecy (PFS) Security Association (SA) SHA SNMP Transmission Control Protocol (TCP) Transport Layer Security (TLS) User Datagram Protocol (UDP) VNS3 Peer VNS3 Routing Agent Wireguard Workforce Service Edge x509 Certificate Ipsec

Internet Key Exchange (IKE)

IKE is another protocol used to set up a secure, authenticated communication between two devices. Typically IKE uses X.509 Certificates for authentication and a Diffie Helman key exchange to establish a secret session. IKE is used to set up a security association (SA) in the IPsec protocol suite.

IKE consists of 2 phases:

• In Phase 1, IKE creates an authenticated connection between peers
• In Phase 2, IKE negotiates the IPsec Security Associations and generates keys to be used by the communication

There are two versions of IKE: IKEv1 and IKEv2. IKEv2 improves on IKEv1 by reducing bandwith consumption, supporting more authentication methods and including by default features like NAT traversal and dead tunnel detection.