The Internet Key Exchange (IKE) protocol, described in RFC 2409, is a key
management protocol standard which is used in conjunction with the IPsec
standard. IPsec can be configured without IKE, but IKE enhances IPsec by
providing additional features, flexibility, and ease of configuration for the IPsec

As mentioned in the T_IPsec chapter, IPsec security associations (SAs) must exist
in order for IPsec to protect network traffic. IKE manages those SAs on behalf of
IPsec, and automatically negotiates protection policies between IPsec peers. ...

This document provides information about using X.509 digital certificates issued by a Cisco IOS CA
server to authenticate VPN tunnels between Cisco routers. It provides design considerations,
step-by-step configuration instructions, and basic management options for VPN crypto devices using
X.509 digital certificates. This document is written for Cisco system engineers and assumes that you
have a working knowledge of Cisco IOS routers, as well as a basic understanding of IPsec,
ISAKMP/IKE, and X.509 digital certificates....

Virtual Private Networking technology leverages existing infrastructure (the Internet) as a way of building
and enhancing existing connectivity in a secure manner. Based on standard Internet secure protocols, VPN
implementation enables secure links between special types of network nodes: Check Point Security
Gateways. Site to Site VPN ensures secure links between Security Gateways. Remote Access VPN
ensures secure links between Security Gateways and remote access clients.