
Internet Key Exchange - Wikipedia

<!DOCTYPE html> <html class="client-nojs vector-feature-language-in-header-enabled vector-feature-language-in-main-page-header-disabled vector-feature-page-tools-pinned-disabled vector-feature-toc-pinned-clientpref-1 vector-feature-main-menu-pinned-disabled vector-feature-limited-width-clientpref-1 vector-feature-limited-width-content-enabled vector-feature-custom-font-size-clientpref-1 vector-feature-appearance-pinned-clientpref-1 vector-feature-night-mode-enabled skin-theme-clientpref-day vector-sticky-header-enabled vector-toc-available" lang="en" dir="ltr"> <head> <meta charset="UTF-8"> <title>Internet Key Exchange - Wikipedia</title> <script>(function(){var className="client-js vector-feature-language-in-header-enabled vector-feature-language-in-main-page-header-disabled vector-feature-page-tools-pinned-disabled vector-feature-toc-pinned-clientpref-1 vector-feature-main-menu-pinned-disabled vector-feature-limited-width-clientpref-1 vector-feature-limited-width-content-enabled vector-feature-custom-font-size-clientpref-1 vector-feature-appearance-pinned-clientpref-1 vector-feature-night-mode-enabled skin-theme-clientpref-day vector-sticky-header-enabled vector-toc-available";var cookie=document.cookie.match(/(?:^|; )enwikimwclientpreferences=([^;]+)/);if(cookie){cookie[1].split('%2C').forEach(function(pref){className=className.replace(new RegExp('(^| )'+pref.replace(/-clientpref-\w+$|[^\w-]+/g,'')+'-clientpref-\\w+( |$)'),'$1'+pref+'$2');});}document.documentElement.className=className;}());RLCONF={"wgBreakFrames":false,"wgSeparatorTransformTable":["",""],"wgDigitTransformTable":["",""],"wgDefaultDateFormat":"dmy","wgMonthNames":["","January","February","March","April","May","June","July","August","September","October","November","December"],"wgRequestId":"63648153-6ba6-4dae-a828-0d1e62c617e2","wgCanonicalNamespace":"","wgCanonicalSpecialPageName":false,"wgNamespaceNumber":0,"wgPageName":"Internet_Key_Exchange","wgTitle":"Internet Key 
Exchange","wgCurRevisionId":1278383670,"wgRevisionId":1278383670,"wgArticleId":194340,"wgIsArticle":true,"wgIsRedirect":false,"wgAction":"view","wgUserName":null,"wgUserGroups":["*"],"wgCategories":["CS1 errors: periodical ignored","Articles with short description","Short description is different from Wikidata","All articles with unsourced statements","Articles with unsourced statements from June 2015","Wikipedia articles needing clarification from February 2009","All Wikipedia articles needing clarification","Articles containing German-language text","IPsec","Cryptographic protocols"],"wgPageViewLanguage":"en","wgPageContentLanguage":"en","wgPageContentModel":"wikitext","wgRelevantPageName":"Internet_Key_Exchange","wgRelevantArticleId":194340,"wgIsProbablyEditable":true,"wgRelevantPageIsProbablyEditable":true,"wgRestrictionEdit":[],"wgRestrictionMove":[],"wgNoticeProject":"wikipedia","wgCiteReferencePreviewsActive":false,"wgFlaggedRevsParams":{"tags":{"status":{"levels":1}}},"wgMediaViewerOnClick":true,"wgMediaViewerEnabledByDefault":true,"wgPopupsFlags":0,"wgVisualEditor":{"pageLanguageCode":"en","pageLanguageDir":"ltr","pageVariantFallbacks":"en"},"wgMFDisplayWikibaseDescriptions":{"search":true,"watchlist":true,"tagline":false,"nearby":true},"wgWMESchemaEditAttemptStepOversample":false,"wgWMEPageLength":20000,"wgEditSubmitButtonLabelPublish":true,"wgULSPosition":"interlanguage","wgULSisCompactLinksEnabled":false,"wgVector2022LanguageInHeader":true,"wgULSisLanguageSelectorEmpty":false,"wgWikibaseItemId":"Q2455266","wgCheckUserClientHintsHeadersJsApi":["brands","architecture","bitness","fullVersionList","mobile","model","platform","platformVersion"],"GEHomepageSuggestedEditsEnableTopics":true,"wgGETopicsMatchModeEnabled":false,"wgGELevelingUpEnabledForUser":false}; 
RLSTATE={"ext.globalCssJs.user.styles":"ready","site.styles":"ready","user.styles":"ready","ext.globalCssJs.user":"ready","user":"ready","user.options":"loading","ext.cite.styles":"ready","skins.vector.search.codex.styles":"ready","skins.vector.styles":"ready","skins.vector.icons":"ready","ext.wikimediamessages.styles":"ready","ext.visualEditor.desktopArticleTarget.noscript":"ready","ext.uls.interlanguage":"ready","wikibase.client.init":"ready","ext.wikimediaBadges":"ready"};RLPAGEMODULES=["ext.cite.ux-enhancements","site","mediawiki.page.ready","mediawiki.toc","skins.vector.js","ext.centralNotice.geoIP","ext.centralNotice.startUp","ext.gadget.ReferenceTooltips","ext.gadget.switcher","ext.urlShortener.toolbar","ext.centralauth.centralautologin","mmv.bootstrap","ext.popups","ext.visualEditor.desktopArticleTarget.init","ext.visualEditor.targetLoader","ext.echo.centralauth","ext.eventLogging","ext.wikimediaEvents","ext.navigationTiming","ext.uls.interface","ext.cx.eventlogging.campaigns","ext.cx.uls.quick.actions","wikibase.client.vector-2022","ext.checkUser.clientHints","ext.quicksurveys.init","ext.growthExperiments.SuggestedEditSession"];</script> <script>(RLQ=window.RLQ||[]).push(function(){mw.loader.impl(function(){return["user.options@12s5i",function($,jQuery,require,module){mw.user.tokens.set({"patrolToken":"+\\","watchToken":"+\\","csrfToken":"+\\"}); }];});});</script> <link rel="stylesheet" href="/w/load.php?lang=en&amp;modules=ext.cite.styles%7Cext.uls.interlanguage%7Cext.visualEditor.desktopArticleTarget.noscript%7Cext.wikimediaBadges%7Cext.wikimediamessages.styles%7Cskins.vector.icons%2Cstyles%7Cskins.vector.search.codex.styles%7Cwikibase.client.init&amp;only=styles&amp;skin=vector-2022"> <script async="" src="/w/load.php?lang=en&amp;modules=startup&amp;only=scripts&amp;raw=1&amp;skin=vector-2022"></script> <meta name="ResourceLoaderDynamicStyles" content=""> <link rel="stylesheet" 
href="/w/load.php?lang=en&amp;modules=site.styles&amp;only=styles&amp;skin=vector-2022"> <meta name="generator" content="MediaWiki 1.44.0-wmf.22"> <meta name="referrer" content="origin"> <meta name="referrer" content="origin-when-cross-origin"> <meta name="robots" content="max-image-preview:standard"> <meta name="format-detection" content="telephone=no"> <meta name="viewport" content="width=1120"> <meta property="og:title" content="Internet Key Exchange - Wikipedia"> <meta property="og:type" content="website"> <link rel="preconnect" href="//upload.wikimedia.org"> <link rel="alternate" media="only screen and (max-width: 640px)" href="//en.m.wikipedia.org/wiki/Internet_Key_Exchange"> <link rel="alternate" type="application/x-wiki" title="Edit this page" href="/w/index.php?title=Internet_Key_Exchange&amp;action=edit"> <link rel="apple-touch-icon" href="/static/apple-touch/wikipedia.png"> <link rel="icon" href="/static/favicon/wikipedia.ico"> <link rel="search" type="application/opensearchdescription+xml" href="/w/rest.php/v1/search" title="Wikipedia (en)"> <link rel="EditURI" type="application/rsd+xml" href="//en.wikipedia.org/w/api.php?action=rsd"> <link rel="canonical" href="https://en.wikipedia.org/wiki/Internet_Key_Exchange"> <link rel="license" href="https://creativecommons.org/licenses/by-sa/4.0/deed.en"> <link rel="alternate" type="application/atom+xml" title="Wikipedia Atom feed" href="/w/index.php?title=Special:RecentChanges&amp;feed=atom"> <link rel="dns-prefetch" href="//meta.wikimedia.org" /> <link rel="dns-prefetch" href="login.wikimedia.org"> </head> <body class="skin--responsive skin-vector skin-vector-search-vue mediawiki ltr sitedir-ltr mw-hide-empty-elt ns-0 ns-subject mw-editable page-Internet_Key_Exchange rootpage-Internet_Key_Exchange skin-vector-2022 action-view"><a class="mw-jump-link" href="#bodyContent">Jump to content</a> <div class="vector-header-container"> <header class="vector-header mw-header"> <div class="vector-header-start"> <nav 
mw-ui-icon-listBullet mw-ui-icon-wikimedia-listBullet"></span> <span class="vector-dropdown-label-text">Toggle the table of contents</span> </label> <div class="vector-dropdown-content"> <div id="vector-page-titlebar-toc-unpinned-container" class="vector-unpinned-container"> </div> </div> </div> </nav> <h1 id="firstHeading" class="firstHeading mw-first-heading"><span class="mw-page-title-main">Internet Key Exchange</span></h1> <div id="p-lang-btn" class="vector-dropdown mw-portlet mw-portlet-lang" > <input type="checkbox" id="p-lang-btn-checkbox" role="button" aria-haspopup="true" data-event-name="ui.dropdown-p-lang-btn" class="vector-dropdown-checkbox mw-interlanguage-selector" aria-label="Go to an article in another language. Available in 17 languages" > <label id="p-lang-btn-label" for="p-lang-btn-checkbox" class="vector-dropdown-label cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet cdx-button--action-progressive mw-portlet-lang-heading-17" aria-hidden="true" ><span class="vector-icon mw-ui-icon-language-progressive mw-ui-icon-wikimedia-language-progressive"></span> <span class="vector-dropdown-label-text">17 languages</span> </label> <div class="vector-dropdown-content"> <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li class="interlanguage-link interwiki-cs mw-list-item"><a href="https://cs.wikipedia.org/wiki/Internet_Key_Exchange" title="Internet Key Exchange – Czech" lang="cs" hreflang="cs" data-title="Internet Key Exchange" data-language-autonym="Čeština" data-language-local-name="Czech" class="interlanguage-link-target"><span>Čeština</span></a></li><li class="interlanguage-link interwiki-de badge-Q70894304 mw-list-item" title=""><a href="https://de.wikipedia.org/wiki/Internet_Key_Exchange" title="Internet Key Exchange – German" lang="de" hreflang="de" data-title="Internet Key Exchange" data-language-autonym="Deutsch" data-language-local-name="German" 
class="vector-menu-content-list"> <li id="ca-more-view" class="selected vector-more-collapsible-item mw-list-item"><a href="/wiki/Internet_Key_Exchange"><span>Read</span></a></li><li id="ca-more-edit" class="vector-more-collapsible-item mw-list-item"><a href="/w/index.php?title=Internet_Key_Exchange&amp;action=edit" title="Edit this page [e]" accesskey="e"><span>Edit</span></a></li><li id="ca-more-history" class="vector-more-collapsible-item mw-list-item"><a href="/w/index.php?title=Internet_Key_Exchange&amp;action=history"><span>View history</span></a></li> </ul> </div> </div> <div id="p-tb" class="vector-menu mw-portlet mw-portlet-tb" > <div class="vector-menu-heading"> General </div> <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="t-whatlinkshere" class="mw-list-item"><a href="/wiki/Special:WhatLinksHere/Internet_Key_Exchange" title="List of all English Wikipedia pages containing links to this page [j]" accesskey="j"><span>What links here</span></a></li><li id="t-recentchangeslinked" class="mw-list-item"><a href="/wiki/Special:RecentChangesLinked/Internet_Key_Exchange" rel="nofollow" title="Recent changes in pages linked from this page [k]" accesskey="k"><span>Related changes</span></a></li><li id="t-upload" class="mw-list-item"><a href="//en.wikipedia.org/wiki/Wikipedia:File_Upload_Wizard" title="Upload files [u]" accesskey="u"><span>Upload file</span></a></li><li id="t-permalink" class="mw-list-item"><a href="/w/index.php?title=Internet_Key_Exchange&amp;oldid=1278383670" title="Permanent link to this revision of this page"><span>Permanent link</span></a></li><li id="t-info" class="mw-list-item"><a href="/w/index.php?title=Internet_Key_Exchange&amp;action=info" title="More information about this page"><span>Page information</span></a></li><li id="t-cite" class="mw-list-item"><a href="/w/index.php?title=Special:CiteThisPage&amp;page=Internet_Key_Exchange&amp;id=1278383670&amp;wpFormIdentifier=titleform" title="Information on how 
to cite this page"><span>Cite this page</span></a></li><li id="t-urlshortener" class="mw-list-item"><a href="/w/index.php?title=Special:UrlShortener&amp;url=https%3A%2F%2Fen.wikipedia.org%2Fwiki%2FInternet_Key_Exchange"><span>Get shortened URL</span></a></li><li id="t-urlshortener-qrcode" class="mw-list-item"><a href="/w/index.php?title=Special:QrCode&amp;url=https%3A%2F%2Fen.wikipedia.org%2Fwiki%2FInternet_Key_Exchange"><span>Download QR code</span></a></li> </ul> </div> </div> <div id="p-coll-print_export" class="vector-menu mw-portlet mw-portlet-coll-print_export" > <div class="vector-menu-heading"> Print/export </div> <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="coll-download-as-rl" class="mw-list-item"><a href="/w/index.php?title=Special:DownloadAsPdf&amp;page=Internet_Key_Exchange&amp;action=show-download-screen" title="Download this page as a PDF file"><span>Download as PDF</span></a></li><li id="t-print" class="mw-list-item"><a href="/w/index.php?title=Internet_Key_Exchange&amp;printable=yes" title="Printable version of this page [p]" accesskey="p"><span>Printable version</span></a></li> </ul> </div> </div> <div id="p-wikibase-otherprojects" class="vector-menu mw-portlet mw-portlet-wikibase-otherprojects" > <div class="vector-menu-heading"> In other projects </div> <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="t-wikibase" class="wb-otherproject-link wb-otherproject-wikibase-dataitem mw-list-item"><a href="https://www.wikidata.org/wiki/Special:EntityPage/Q2455266" title="Structured data on this page hosted by Wikidata [g]" accesskey="g"><span>Wikidata item</span></a></li> </ul> </div> </div> </div> </div> </div> </div> </nav> </div> </div> </div> <div class="vector-column-end"> <div class="vector-sticky-pinned-container"> <nav class="vector-page-tools-landmark" aria-label="Page tools"> <div id="vector-page-tools-pinned-container" class="vector-pinned-container"> </div> </nav> <nav 
<div id="bodyContent" class="vector-body" aria-labelledby="firstHeading" data-mw-ve-target-container> <div class="vector-body-before-content"> <div class="mw-indicators"> </div> <div id="siteSub" class="noprint">From Wikipedia, the free encyclopedia</div> </div> <div id="contentSub"><div id="mw-content-subtitle"></div></div> <div id="mw-content-text" class="mw-body-content"><div class="mw-content-ltr mw-parser-output" lang="en" dir="ltr"><div class="shortdescription nomobile noexcerpt noprint searchaux" style="display:none">Internet protocol</div> <p>In computing, <b>Internet Key Exchange</b> (<b>IKE</b>, versioned as <b>IKEv1</b> and <b>IKEv2</b>) is the protocol used to set up a <a href="/wiki/Security_association" title="Security association">security association</a> (SA) in the <a href="/wiki/IPsec" class="mw-redirect" title="IPsec">IPsec</a> protocol suite. 
IKE builds upon the <a href="/wiki/Oakley_protocol" title="Oakley protocol">Oakley protocol</a> and <a href="/wiki/Internet_Security_Association_and_Key_Management_Protocol" title="Internet Security Association and Key Management Protocol">ISAKMP</a>.<sup id="cite_ref-rfc2409_sec1_1-0" class="reference"><a href="#cite_note-rfc2409_sec1-1"><span class="cite-bracket">&#91;</span>1<span class="cite-bracket">&#93;</span></a></sup> IKE uses <a href="/wiki/X.509" title="X.509">X.509</a> certificates for authentication ‒ either pre-shared or distributed using <a href="/wiki/Domain_Name_System" title="Domain Name System">DNS</a> (preferably with <a href="/wiki/Domain_Name_System_Security_Extensions" title="Domain Name System Security Extensions">DNSSEC</a>) ‒ and a <a href="/wiki/Diffie%E2%80%93Hellman_key_exchange" title="Diffie–Hellman key exchange">Diffie–Hellman key exchange</a> to set up a <a href="/wiki/Shared_secret" title="Shared secret">shared session secret</a> from which <a href="/wiki/Key_(cryptography)" title="Key (cryptography)">cryptographic keys</a> are derived.<sup id="cite_ref-rfc3129p1_2-0" class="reference"><a href="#cite_note-rfc3129p1-2"><span class="cite-bracket">&#91;</span>2<span class="cite-bracket">&#93;</span></a></sup><sup id="cite_ref-rfc4322p5_3-0" class="reference"><a href="#cite_note-rfc4322p5-3"><span class="cite-bracket">&#91;</span>3<span class="cite-bracket">&#93;</span></a></sup> In addition, a security policy for every peer which will connect must be manually maintained.<sup id="cite_ref-rfc3129p1_2-1" class="reference"><a href="#cite_note-rfc3129p1-2"><span class="cite-bracket">&#91;</span>2<span class="cite-bracket">&#93;</span></a></sup> </p> <meta property="mw:PageProp/toc" /> <div class="mw-heading mw-heading2"><h2 id="History">History</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Internet_Key_Exchange&amp;action=edit&amp;section=1" title="Edit section: 
History"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p>The <a href="/wiki/Internet_Engineering_Task_Force" title="Internet Engineering Task Force">Internet Engineering Task Force</a> (IETF) originally defined IKE in November 1998 in a series of publications (<a href="/wiki/Request_for_Comments" title="Request for Comments">Request for Comments</a>) known as RFC 2407, RFC 2408 and RFC 2409: </p> <ul><li><style data-mw-deduplicate="TemplateStyles:r1238218222">.mw-parser-output cite.citation{font-style:inherit;word-wrap:break-word}.mw-parser-output .citation q{quotes:"\"""\"""'""'"}.mw-parser-output .citation:target{background-color:rgba(0,127,255,0.133)}.mw-parser-output .id-lock-free.id-lock-free a{background:url("//upload.wikimedia.org/wikipedia/commons/6/65/Lock-green.svg")right 0.1em center/9px no-repeat}.mw-parser-output .id-lock-limited.id-lock-limited a,.mw-parser-output .id-lock-registration.id-lock-registration a{background:url("//upload.wikimedia.org/wikipedia/commons/d/d6/Lock-gray-alt-2.svg")right 0.1em center/9px no-repeat}.mw-parser-output .id-lock-subscription.id-lock-subscription a{background:url("//upload.wikimedia.org/wikipedia/commons/a/aa/Lock-red-alt-2.svg")right 0.1em center/9px no-repeat}.mw-parser-output .cs1-ws-icon a{background:url("//upload.wikimedia.org/wikipedia/commons/4/4c/Wikisource-logo.svg")right 0.1em center/12px no-repeat}body:not(.skin-timeless):not(.skin-minerva) .mw-parser-output .id-lock-free a,body:not(.skin-timeless):not(.skin-minerva) .mw-parser-output .id-lock-limited a,body:not(.skin-timeless):not(.skin-minerva) .mw-parser-output .id-lock-registration a,body:not(.skin-timeless):not(.skin-minerva) .mw-parser-output .id-lock-subscription a,body:not(.skin-timeless):not(.skin-minerva) .mw-parser-output .cs1-ws-icon a{background-size:contain;padding:0 1em 0 0}.mw-parser-output .cs1-code{color:inherit;background:inherit;border:none;padding:inherit}.mw-parser-output 
.cs1-hidden-error{display:none;color:var(--color-error,#d33)}.mw-parser-output .cs1-visible-error{color:var(--color-error,#d33)}.mw-parser-output .cs1-maint{display:none;color:#085;margin-left:0.3em}.mw-parser-output .cs1-kern-left{padding-left:0.2em}.mw-parser-output .cs1-kern-right{padding-right:0.2em}.mw-parser-output .citation .mw-selflink{font-weight:inherit}@media screen{.mw-parser-output .cs1-format{font-size:95%}html.skin-theme-clientpref-night .mw-parser-output .cs1-maint{color:#18911f}}@media screen and (prefers-color-scheme:dark){html.skin-theme-clientpref-os .mw-parser-output .cs1-maint{color:#18911f}}</style><a href="/wiki/RFC_(identifier)" class="mw-redirect" title="RFC (identifier)">RFC</a>&#160;<a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc2407">2407</a> defined the Internet IP Security Domain of Interpretation for ISAKMP.<sup id="cite_ref-4" class="reference"><a href="#cite_note-4"><span class="cite-bracket">&#91;</span>4<span class="cite-bracket">&#93;</span></a></sup></li> <li><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222" /><a href="/wiki/RFC_(identifier)" class="mw-redirect" title="RFC (identifier)">RFC</a>&#160;<a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc2408">2408</a> defined the Internet Security Association and <a href="/wiki/Key_management" title="Key management">Key Management</a> Protocol (ISAKMP). <sup id="cite_ref-5" class="reference"><a href="#cite_note-5"><span class="cite-bracket">&#91;</span>5<span class="cite-bracket">&#93;</span></a></sup></li> <li><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222" /><a href="/wiki/RFC_(identifier)" class="mw-redirect" title="RFC (identifier)">RFC</a>&#160;<a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc2409">2409</a> defined the Internet Key Exchange (IKE). 
<sup id="cite_ref-6" class="reference"><a href="#cite_note-6"><span class="cite-bracket">&#91;</span>6<span class="cite-bracket">&#93;</span></a></sup></li></ul> <p><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222" /><a href="/wiki/RFC_(identifier)" class="mw-redirect" title="RFC (identifier)">RFC</a>&#160;<a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc4306">4306</a> updated IKE to version two (IKEv2) in December 2005.<sup id="cite_ref-7" class="reference"><a href="#cite_note-7"><span class="cite-bracket">&#91;</span>7<span class="cite-bracket">&#93;</span></a></sup> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222" /><a href="/wiki/RFC_(identifier)" class="mw-redirect" title="RFC (identifier)">RFC</a>&#160;<a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc4718">4718</a> clarified some open details in October 2006.<sup id="cite_ref-8" class="reference"><a href="#cite_note-8"><span class="cite-bracket">&#91;</span>8<span class="cite-bracket">&#93;</span></a></sup> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222" /><a href="/wiki/RFC_(identifier)" class="mw-redirect" title="RFC (identifier)">RFC</a>&#160;<a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc5996">5996</a> combined these two documents plus additional clarifications into the updated IKEv2,<sup id="cite_ref-9" class="reference"><a href="#cite_note-9"><span class="cite-bracket">&#91;</span>9<span class="cite-bracket">&#93;</span></a></sup> published in September 2010. 
A later update upgraded the document from Proposed Standard to <a href="/wiki/Internet_Standard" title="Internet Standard">Internet Standard</a>, published as <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222" /><a href="/wiki/RFC_(identifier)" class="mw-redirect" title="RFC (identifier)">RFC</a>&#160;<a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc7296">7296</a> in October 2014. </p><p>The parent organization of the IETF, the <a href="/wiki/Internet_Society" title="Internet Society">Internet Society</a> (ISOC), has maintained the copyrights of these standards as freely available to the Internet community. </p> <div class="mw-heading mw-heading2"><h2 id="Architecture">Architecture</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Internet_Key_Exchange&amp;action=edit&amp;section=2" title="Edit section: Architecture"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p>Most IPsec implementations consist of an IKE <a href="/wiki/Daemon_(computing)" title="Daemon (computing)">daemon</a> that runs in <a href="/wiki/User_space_and_kernel_space" title="User space and kernel space">user space</a> and an IPsec stack in the <a href="/wiki/Kernel_(operating_system)" title="Kernel (operating system)">kernel</a> that processes the actual <a href="/wiki/Internet_Protocol" title="Internet Protocol">IP</a> packets. </p><p>User-space daemons have easy access to mass storage containing configuration information, such as the IPsec endpoint addresses, keys and certificates, as required. Kernel modules, on the other hand, can process packets efficiently and with minimum overhead—which is important for performance reasons. 
</p><p>The IKE protocol uses <a href="/wiki/User_Datagram_Protocol" title="User Datagram Protocol">UDP</a> packets, usually on port 500, and generally requires 4–6 packets with 2–3 round trips to create an <a href="/wiki/ISAKMP" class="mw-redirect" title="ISAKMP">ISAKMP</a> <a href="/wiki/Security_association" title="Security association">security association</a> (SA) on both sides. The negotiated key material is then given to the IPsec stack. For instance, this could be an <a href="/wiki/Advanced_Encryption_Standard" title="Advanced Encryption Standard">AES</a> key, information identifying the IP endpoints and ports that are to be protected, as well as what type of IPsec tunnel has been created. The IPsec stack, in turn, intercepts the relevant IP packets if and where appropriate and performs encryption/decryption as required. Implementations vary on how the interception of the packets is done—for example, some use virtual devices, others take a slice out of the firewall, etc. </p><p>IKEv1 consists of two phases: phase 1 and phase 2.<sup id="cite_ref-The_Internet_Key_Exchange_p._5_10-0" class="reference"><a href="#cite_note-The_Internet_Key_Exchange_p._5-10"><span class="cite-bracket">&#91;</span>10<span class="cite-bracket">&#93;</span></a></sup> </p> <div class="mw-heading mw-heading3"><h3 id="IKEv1_phases">IKEv1 phases</h3><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Internet_Key_Exchange&amp;action=edit&amp;section=3" title="Edit section: IKEv1 phases"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p>IKE phase one's purpose is to establish a secure authenticated communication channel by using the <a href="/wiki/Diffie%E2%80%93Hellman_key_exchange" title="Diffie–Hellman key exchange">Diffie–Hellman key exchange</a> algorithm to generate a shared secret key to encrypt further IKE communications. 
This negotiation results in one single bi-directional ISAKMP security association.<sup id="cite_ref-11" class="reference"><a href="#cite_note-11"><span class="cite-bracket">&#91;</span>11<span class="cite-bracket">&#93;</span></a></sup> The authentication can be performed using a <a href="/wiki/Pre-shared_key" title="Pre-shared key">pre-shared key</a> (shared secret), signatures, or public key encryption.<sup id="cite_ref-12" class="reference"><a href="#cite_note-12"><span class="cite-bracket">&#91;</span>12<span class="cite-bracket">&#93;</span></a></sup> Phase 1 operates in either Main Mode or Aggressive Mode. Main Mode protects the identity of the peers and the hash of the shared key by encrypting them; Aggressive Mode does not.<sup id="cite_ref-The_Internet_Key_Exchange_p._5_10-1" class="reference"><a href="#cite_note-The_Internet_Key_Exchange_p._5-10"><span class="cite-bracket">&#91;</span>10<span class="cite-bracket">&#93;</span></a></sup> With pre-shared-key authentication this matters in practice: anyone who can observe an Aggressive Mode exchange sees the peer identities and a hash derived from the key, so the key's resistance to offline guessing depends entirely on its strength. </p><p>During IKE phase two, the IKE peers use the secure channel established in Phase 1 to negotiate Security Associations on behalf of other services like <a href="/wiki/IPsec" class="mw-redirect" title="IPsec">IPsec</a>. 
The negotiation results in a minimum of two unidirectional security associations (one inbound and one outbound).<sup id="cite_ref-13" class="reference"><a href="#cite_note-13"><span class="cite-bracket">&#91;</span>13<span class="cite-bracket">&#93;</span></a></sup> Phase 2 operates only in Quick Mode.<sup id="cite_ref-The_Internet_Key_Exchange_p._5_10-2" class="reference"><a href="#cite_note-The_Internet_Key_Exchange_p._5-10"><span class="cite-bracket">&#91;</span>10<span class="cite-bracket">&#93;</span></a></sup> </p> <div class="mw-heading mw-heading3"><h3 id="Problems_with_IKE">Problems with IKE</h3><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Internet_Key_Exchange&amp;action=edit&amp;section=4" title="Edit section: Problems with IKE"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p>Originally, IKE had numerous configuration options but lacked a general facility for automatic negotiation of a well-known default case that is universally implemented. Consequently, both sides of an IKE exchange had to agree exactly on the type of security association they wanted to create&#160;&#8211;&#32; option by option&#160;&#8211;&#32; or a connection could not be established. Further complications arose from the fact that in many implementations the debug output was difficult to interpret, if there was any facility to produce diagnostic output at all. </p><p>The IKE specifications were open to a significant degree of interpretation, bordering on design faults (<a href="/wiki/Dead_Peer_Detection" class="mw-redirect" title="Dead Peer Detection">Dead Peer Detection</a> being a case in point<sup class="noprint Inline-Template Template-Fact" style="white-space:nowrap;">&#91;<i><a href="/wiki/Wikipedia:Citation_needed" title="Wikipedia:Citation needed"><span title="This claim needs references to reliable sources. 
(June 2015)">citation needed</span></a></i>&#93;</sup>), giving rise to different IKE implementations not being able to create an agreed-upon security association at all for many combinations of options, however correctly configured they might appear at either end. </p> <div class="mw-heading mw-heading3"><h3 id="Improvements_with_IKEv2">Improvements with IKEv2</h3><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Internet_Key_Exchange&amp;action=edit&amp;section=5" title="Edit section: Improvements with IKEv2"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <style data-mw-deduplicate="TemplateStyles:r1251242444">.mw-parser-output .ambox{border:1px solid #a2a9b1;border-left:10px solid #36c;background-color:#fbfbfb;box-sizing:border-box}.mw-parser-output .ambox+link+.ambox,.mw-parser-output .ambox+link+style+.ambox,.mw-parser-output .ambox+link+link+.ambox,.mw-parser-output .ambox+.mw-empty-elt+link+.ambox,.mw-parser-output .ambox+.mw-empty-elt+link+style+.ambox,.mw-parser-output .ambox+.mw-empty-elt+link+link+.ambox{margin-top:-1px}html body.mediawiki .mw-parser-output .ambox.mbox-small-left{margin:4px 1em 4px 0;overflow:hidden;width:238px;border-collapse:collapse;font-size:88%;line-height:1.25em}.mw-parser-output .ambox-speedy{border-left:10px solid #b32424;background-color:#fee7e6}.mw-parser-output .ambox-delete{border-left:10px solid #b32424}.mw-parser-output .ambox-content{border-left:10px solid #f28500}.mw-parser-output .ambox-style{border-left:10px solid #fc3}.mw-parser-output .ambox-move{border-left:10px solid #9932cc}.mw-parser-output .ambox-protection{border-left:10px solid #a2a9b1}.mw-parser-output .ambox .mbox-text{border:none;padding:0.25em 0.5em;width:100%}.mw-parser-output .ambox .mbox-image{border:none;padding:2px 0 2px 0.5em;text-align:center}.mw-parser-output .ambox .mbox-imageright{border:none;padding:2px 0.5em 2px 0;text-align:center}.mw-parser-output .ambox 
.mbox-empty-cell{border:none;padding:0;width:1px}.mw-parser-output .ambox .mbox-image-div{width:52px}@media(min-width:720px){.mw-parser-output .ambox{margin:0 10%}}@media print{body.ns-0 .mw-parser-output .ambox{display:none!important}}</style><table class="box-Confusing plainlinks metadata ambox ambox-style ambox-confusing" role="presentation"><tbody><tr><td class="mbox-image"><div class="mbox-image-div"><span typeof="mw:File"><span><img alt="" src="//upload.wikimedia.org/wikipedia/en/thumb/f/f2/Edit-clear.svg/40px-Edit-clear.svg.png" decoding="async" width="40" height="40" class="mw-file-element" srcset="//upload.wikimedia.org/wikipedia/en/thumb/f/f2/Edit-clear.svg/60px-Edit-clear.svg.png 1.5x, //upload.wikimedia.org/wikipedia/en/thumb/f/f2/Edit-clear.svg/80px-Edit-clear.svg.png 2x" data-file-width="48" data-file-height="48" /></span></span></div></td><td class="mbox-text"><div class="mbox-text-span">This section <b>may be <a href="/wiki/Wikipedia:Vagueness" title="Wikipedia:Vagueness">confusing or unclear</a> to readers</b>.<span class="hide-when-compact"> Please help <a href="/wiki/Wikipedia:Please_clarify" title="Wikipedia:Please clarify">clarify the section</a>. There might be a discussion about this on <a href="/wiki/Talk:Internet_Key_Exchange" title="Talk:Internet Key Exchange">the talk page</a>.</span> <span class="date-container"><i>(<span class="date">February 2009</span>)</i></span><span class="hide-when-compact"><i> (<small><a href="/wiki/Help:Maintenance_template_removal" title="Help:Maintenance template removal">Learn how and when to remove this message</a></small>)</i></span></div></td></tr></tbody></table> <p>The IKEv2 protocol was described in Appendix A of RFC 4306 in 2005. 
The following issues were addressed: </p> <ul><li>Fewer <a href="/wiki/Requests_for_Comments" class="mw-redirect" title="Requests for Comments">Requests for Comments</a> (RFCs): The specifications for IKE were covered in at least three RFCs, more if one takes into account <a href="/wiki/NAT_traversal" title="NAT traversal">NAT traversal</a> and other extensions that are in common use. IKEv2 combines these in one RFC as well as making improvements to support for <a href="/wiki/NAT_traversal" title="NAT traversal">NAT traversal</a> (<a href="/wiki/Network_Address_Translation" class="mw-redirect" title="Network Address Translation">Network Address Translation</a> (NAT)) and <a href="/wiki/Firewall_(networking)" class="mw-redirect" title="Firewall (networking)">firewall</a> traversal in general.</li> <li>Standard Mobility support: There is a standard extension for IKEv2 named <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc4555">Mobility and Multihoming Protocol</a> (MOBIKE) (see also <a href="/wiki/IPsec#IETF_documentation" class="mw-redirect" title="IPsec">IPsec</a>) used to support mobility and multihoming for it and <a href="/wiki/IPsec#Encapsulating_Security_Payload" class="mw-redirect" title="IPsec">Encapsulating Security Payload</a> (ESP). 
By use of this extension IKEv2 and <a href="/wiki/IPsec" class="mw-redirect" title="IPsec">IPsec</a> can be used by mobile and multihomed users.</li> <li><a href="/wiki/NAT_traversal" title="NAT traversal">NAT traversal</a>: The encapsulation of IKE and <a href="/wiki/IPsec#Encapsulating_Security_Payload" class="mw-redirect" title="IPsec">ESP</a> in <a href="/wiki/User_Datagram_Protocol" title="User Datagram Protocol">User Datagram Protocol</a> (UDP port 4500) enables these protocols to pass through a device or firewall performing <a href="/wiki/Network_Address_Translation" class="mw-redirect" title="Network Address Translation">NAT</a>.<sup id="cite_ref-14" class="reference"><a href="#cite_note-14"><span class="cite-bracket">&#91;</span>14<span class="cite-bracket">&#93;</span></a></sup></li> <li><a href="/wiki/Stream_Control_Transmission_Protocol" title="Stream Control Transmission Protocol">Stream Control Transmission Protocol</a> (SCTP) support: IKEv2 allows for the <a href="/wiki/Stream_Control_Transmission_Protocol" title="Stream Control Transmission Protocol">SCTP</a> protocol, as used in the Internet telephony protocol <a href="/wiki/Voice_over_IP" title="Voice over IP">Voice over IP</a> (VoIP).</li> <li>Simple message exchange: IKEv2 has one four-message initial exchange mechanism where IKE provided eight distinctly different initial exchange mechanisms, each one of which had slight advantages and disadvantages.</li> <li>Fewer cryptographic mechanisms: IKEv2 uses cryptographic mechanisms to protect its packets that are very similar to what IPsec ESP uses to protect the IPsec packets. 
This led to simpler implementations and certifications for <a href="/wiki/Common_Criteria" title="Common Criteria">Common Criteria</a> and <a href="/wiki/FIPS_140-2" title="FIPS 140-2">FIPS 140-2</a> (<a href="/wiki/Federal_Information_Processing_Standard" class="mw-redirect" title="Federal Information Processing Standard">Federal Information Processing Standard</a> (FIPS)), which require each cryptographic implementation to be separately validated.</li> <li>Reliability and State management: IKEv2 uses sequence numbers and acknowledgments to provide reliability and mandates some error processing logistics and shared state management. IKE could end up in a dead state due to the lack of such reliability measures, where both parties were expecting the other to initiate an action – which never eventuated. Workarounds (such as <a href="/wiki/Dead_Peer_Detection" class="mw-redirect" title="Dead Peer Detection">Dead-Peer-Detection</a>) were developed but not standardized. This meant that different implementations of workarounds were not always compatible.</li> <li><a href="/wiki/Denial_of_Service" class="mw-redirect" title="Denial of Service">Denial of Service</a> (DoS) attack resilience: IKEv2 does not perform much processing until it determines if the requester actually exists. 
This addressed some of the DoS problems suffered by IKE which would perform a lot of expensive cryptographic processing from <a href="/wiki/IP_address_spoofing" title="IP address spoofing">spoofed</a> locations.</li></ul> <dl><dd>Supposing <b>HostA</b> has a <a href="/wiki/Security_Parameter_Index" title="Security Parameter Index">Security Parameter Index</a> (SPI) of <code>A</code> and <b>HostB</b> has an <a href="/wiki/Security_Parameter_Index" title="Security Parameter Index">SPI</a> of <code>B</code>, the scenario would look like this:</dd></dl> <pre>HostA -------------------------------------------------- HostB |HDR(A,0),sai1,kei,Ni--------------------------&gt; | | &lt;----------------------------HDR(A,0),N(cookie)| |HDR(A,0),N(cookie),sai1,kei,Ni----------------&gt; | | &lt;--------------------------HDR(A,B),SAr1,ker,Nr| </pre> <dl><dd>If <b>HostB</b> (the responder) is experiencing a large number of half-open IKE connections, it will send an unencrypted <code>IKE_SA_INIT</code> reply message to <b>HostA</b> (the initiator) with a notify message of type <code>COOKIE</code>, and will expect <b>HostA</b> to send an <code>IKE_SA_INIT</code> request with that cookie value in a notify payload to <b>HostB</b>. This is to ensure that the initiator is really capable of handling an IKE response from the responder, that is, that it can receive packets at the source address it claims, so that the responder does not perform expensive cryptographic processing for requests sent from spoofed addresses.</dd></dl> <div class="mw-heading mw-heading2"><h2 id="Protocol_extensions">Protocol extensions</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Internet_Key_Exchange&amp;action=edit&amp;section=6" title="Edit section: Protocol extensions"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p>The IETF ipsecme working group has standardized a number of extensions, with the goal of modernizing the IKEv2 protocol and adapting it better to high volume, production environments. 
These extensions include: </p> <ul><li><b>IKE session resumption</b>: the ability to resume a failed IKE/IPsec "session" after a failure, without the need to go through the entire IKE setup process (<link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222" />RFC&#160;<a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc5723">5723</a>).</li> <li><b>IKE redirect</b>: redirection of incoming IKE requests, allowing for simple load-balancing between multiple IKE endpoints (<link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222" />RFC&#160;<a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc5685">5685</a>).</li> <li><b>IPsec traffic visibility</b>: special tagging of ESP packets that are authenticated but not encrypted, with the goal of making it easier for middleboxes (such as <a href="/wiki/Intrusion_detection_system" title="Intrusion detection system">intrusion detection systems</a>) to analyze the flow (<link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222" />RFC&#160;<a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc5840">5840</a>).</li> <li><b>Mutual EAP authentication</b>: support for <a href="/wiki/Extensible_Authentication_Protocol" title="Extensible Authentication Protocol">EAP</a>-only (i.e., certificate-less) authentication of both of the IKE peers; the goal is to allow for modern <a href="/wiki/Password-authenticated_key_agreement" title="Password-authenticated key agreement">password-based authentication</a> methods to be used (<link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222" />RFC&#160;<a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc5998">5998</a>).</li> <li><b>Quick crash detection</b>: minimizing the time until an IKE peer detects that its opposite peer has crashed (<link 
rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222" />RFC&#160;<a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc6290">6290</a>).</li> <li><b>High availability extensions</b>: improving IKE/IPsec-level protocol synchronization between a cluster of IPsec endpoints and a peer, to reduce the probability of dropped connections after a failover event (<link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222" />RFC&#160;<a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc6311">6311</a>).</li></ul> <div class="mw-heading mw-heading2"><h2 id="Implementations">Implementations</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Internet_Key_Exchange&amp;action=edit&amp;section=7" title="Edit section: Implementations"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p>IKE is supported as part of the IPsec implementation in <a href="/wiki/Windows_2000" title="Windows 2000">Windows 2000</a>, <a href="/wiki/Windows_XP" title="Windows XP">Windows XP</a>, <a href="/wiki/Windows_Server_2003" title="Windows Server 2003">Windows Server 2003</a>, <a href="/wiki/Windows_Vista" title="Windows Vista">Windows Vista</a> and <a href="/wiki/Windows_Server_2008" title="Windows Server 2008">Windows Server 2008</a>.<sup id="cite_ref-15" class="reference"><a href="#cite_note-15"><span class="cite-bracket">&#91;</span>15<span class="cite-bracket">&#93;</span></a></sup> The ISAKMP/IKE implementation was jointly developed by Cisco and Microsoft.<sup id="cite_ref-16" class="reference"><a href="#cite_note-16"><span class="cite-bracket">&#91;</span>16<span class="cite-bracket">&#93;</span></a></sup> </p><p>Microsoft <a href="/wiki/Windows_7" title="Windows 7">Windows 7</a> and <a href="/wiki/Windows_Server_2008_R2" title="Windows Server 2008 R2">Windows Server 2008 R2</a> partially support IKEv2 
(<link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222" />RFC&#160;<a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc7296">7296</a>) as well as MOBIKE (<link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222" />RFC&#160;<a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc4555">4555</a>) through the <i>VPN Reconnect</i> feature (also known as <i>Agile VPN</i>). </p><p>There are several open source implementations of IPsec with associated IKE capabilities. On <a href="/wiki/Linux" title="Linux">Linux</a>, <a href="/wiki/Libreswan" title="Libreswan">Libreswan</a>, <a href="/wiki/Openswan" title="Openswan">Openswan</a> and <a href="/wiki/StrongSwan" title="StrongSwan">strongSwan</a> implementations provide an IKE daemon which can configure (i.e., establish SAs for) the KLIPS or XFRM/NETKEY kernel-based IPsec stacks. XFRM/NETKEY is the <a href="/wiki/Linux_kernel" title="Linux kernel">Linux</a> native IPsec implementation available as of version 2.6. </p><p>The <a href="/wiki/Berkeley_Software_Distribution" title="Berkeley Software Distribution">Berkeley Software Distributions</a> also implement IPsec and an IKE daemon via the <a href="/wiki/OpenBSD_Cryptographic_Framework" title="OpenBSD Cryptographic Framework">OpenBSD Cryptographic Framework</a> (OCF), which makes supporting <a href="/wiki/Cryptographic_accelerator" title="Cryptographic accelerator">cryptographic accelerators</a> much easier. OCF has recently been ported to Linux. </p><p>A number of network equipment vendors have created their own IKE daemons (and IPsec implementations), or license a stack from one another. </p><p>There are a number of implementations of IKEv2 and some of the companies dealing in IPsec certification and interoperability testing are starting to hold workshops for testing, as well as updating certification requirements to deal with IKEv2 testing. 
</p><p>The following open source implementations of IKEv2 are available: </p> <ul><li>OpenIKEv2,<sup id="cite_ref-17" class="reference"><a href="#cite_note-17"><span class="cite-bracket">&#91;</span>17<span class="cite-bracket">&#93;</span></a></sup></li> <li><a href="/wiki/StrongSwan" title="StrongSwan">strongSwan</a>,</li> <li><a href="/wiki/Libreswan" title="Libreswan">Libreswan</a>,</li> <li><a href="/wiki/Openswan" title="Openswan">Openswan</a>,</li> <li><a href="/wiki/Racoon_(KAME)" class="mw-redirect" title="Racoon (KAME)">Racoon</a> from the <a href="/wiki/KAME_project" title="KAME project">KAME project</a>,</li> <li>iked from the <a href="/wiki/OpenBSD" title="OpenBSD">OpenBSD</a> project.<sup id="cite_ref-18" class="reference"><a href="#cite_note-18"><span class="cite-bracket">&#91;</span>18<span class="cite-bracket">&#93;</span></a></sup></li></ul> <div class="mw-heading mw-heading2"><h2 id="Vulnerabilities">Vulnerabilities</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Internet_Key_Exchange&amp;action=edit&amp;section=8" title="Edit section: Vulnerabilities"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p>Leaked <a href="/wiki/NSA" class="mw-redirect" title="NSA">NSA</a> presentations released in 2014 by <span title="German-language text"><i lang="de"><a href="/wiki/Der_Spiegel" title="Der Spiegel">Der Spiegel</a></i></span> indicate that IKE is being exploited in an unknown manner to decrypt IPsec traffic, as is ISAKMP.<sup id="cite_ref-19" class="reference"><a href="#cite_note-19"><span class="cite-bracket">&#91;</span>19<span class="cite-bracket">&#93;</span></a></sup> The researchers who discovered the <a href="/wiki/Logjam_(computer_security)" title="Logjam (computer security)">Logjam attack</a> state that breaking a 1024-bit Diffie–Hellman group would break 66% of VPN servers, 18% of the top million HTTPS domains, and 26% of SSH servers, which the 
researchers claim is consistent with the leaks.<sup id="cite_ref-20" class="reference"><a href="#cite_note-20"><span class="cite-bracket">&#91;</span>20<span class="cite-bracket">&#93;</span></a></sup> This claim was refuted in 2015 by both Eyal Ronen and <a href="/wiki/Adi_Shamir" title="Adi Shamir">Adi Shamir</a> in their paper "Critical Review of Imperfect Forward Secrecy"<sup id="cite_ref-21" class="reference"><a href="#cite_note-21"><span class="cite-bracket">&#91;</span>21<span class="cite-bracket">&#93;</span></a></sup> and by Paul Wouters of Libreswan in a 2015 article "66% of VPN's&#32;&#91;<i><a href="/wiki/Sic" title="Sic">sic</a></i>&#93; are not in fact broken".<sup id="cite_ref-22" class="reference"><a href="#cite_note-22"><span class="cite-bracket">&#91;</span>22<span class="cite-bracket">&#93;</span></a></sup> </p><p>IPsec VPN configurations which allow for negotiation of multiple configurations are subject to <a href="/wiki/Man-in-the-middle_attack" title="Man-in-the-middle attack"> MITM</a>-based <a href="/wiki/Downgrade_attack" title="Downgrade attack">downgrade attacks</a> between the offered configurations, with both IKEv1 and IKEv2.<sup id="cite_ref-ike-downgrade_23-0" class="reference"><a href="#cite_note-ike-downgrade-23"><span class="cite-bracket">&#91;</span>23<span class="cite-bracket">&#93;</span></a></sup> This can be avoided by careful segregation of client systems onto multiple service access points with stricter configurations. </p><p>Both versions of the IKE standard are susceptible to an offline <a href="/wiki/Dictionary_attack" title="Dictionary attack">dictionary attack</a> when a low entropy password is used. 
For IKEv1 this is true for both main mode and aggressive mode.<sup id="cite_ref-24" class="reference"><a href="#cite_note-24"><span class="cite-bracket">&#91;</span>24<span class="cite-bracket">&#93;</span></a></sup><sup id="cite_ref-25" class="reference"><a href="#cite_note-25"><span class="cite-bracket">&#91;</span>25<span class="cite-bracket">&#93;</span></a></sup><sup id="cite_ref-26" class="reference"><a href="#cite_note-26"><span class="cite-bracket">&#91;</span>26<span class="cite-bracket">&#93;</span></a></sup> The precondition is a guessable secret: a long, randomly generated pre-shared key, or certificate-based authentication, removes it. </p> <div class="mw-heading mw-heading2"><h2 id="See_also">See also</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Internet_Key_Exchange&amp;action=edit&amp;section=9" title="Edit section: See also"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <ul><li><a href="/wiki/Computer_network" title="Computer network">Computer network</a></li> <li><a href="/wiki/Group_Domain_of_Interpretation" title="Group Domain of Interpretation">Group Domain of Interpretation</a></li> <li><a href="/wiki/IPsec" class="mw-redirect" title="IPsec">IPsec</a></li> <li><a href="/wiki/Kerberized_Internet_Negotiation_of_Keys" title="Kerberized Internet Negotiation of Keys">Kerberized Internet Negotiation of Keys</a></li> <li><a href="/wiki/Key-agreement_protocol" title="Key-agreement protocol">Key-agreement protocol</a></li></ul> <div class="mw-heading mw-heading2"><h2 id="References">References</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Internet_Key_Exchange&amp;action=edit&amp;section=10" title="Edit section: References"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <style data-mw-deduplicate="TemplateStyles:r1239543626">.mw-parser-output .reflist{margin-bottom:0.5em;list-style-type:decimal}@media screen{.mw-parser-output .reflist{font-size:90%}}.mw-parser-output .reflist 
.references{font-size:100%;margin-bottom:0;list-style-type:inherit}.mw-parser-output .reflist-columns-2{column-width:30em}.mw-parser-output .reflist-columns-3{column-width:25em}.mw-parser-output .reflist-columns{margin-top:0.3em}.mw-parser-output .reflist-columns ol{margin-top:0}.mw-parser-output .reflist-columns li{page-break-inside:avoid;break-inside:avoid-column}.mw-parser-output .reflist-upper-alpha{list-style-type:upper-alpha}.mw-parser-output .reflist-upper-roman{list-style-type:upper-roman}.mw-parser-output .reflist-lower-alpha{list-style-type:lower-alpha}.mw-parser-output .reflist-lower-greek{list-style-type:lower-greek}.mw-parser-output .reflist-lower-roman{list-style-type:lower-roman}</style><div class="reflist"> <div class="mw-references-wrap mw-references-columns"><ol class="references"> <li id="cite_note-rfc2409_sec1-1"><span class="mw-cite-backlink"><b><a href="#cite_ref-rfc2409_sec1_1-0">^</a></b></span> <span class="reference-text">The Internet Key Exchange (IKE), RFC 2409, §1 Abstract</span> </li> <li id="cite_note-rfc3129p1-2"><span class="mw-cite-backlink">^ <a href="#cite_ref-rfc3129p1_2-0"><sup><i><b>a</b></i></sup></a> <a href="#cite_ref-rfc3129p1_2-1"><sup><i><b>b</b></i></sup></a></span> <span class="reference-text"> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222" /><cite id="CITEREFThomas2001" class="citation cs2">Thomas, M. 
(June 2001), <a rel="nofollow" class="external text" href="http://tools.ietf.org/html/rfc3129"><i>RFC 3129: Requirements for Kerberized Internet Negotiation of Keys</i></a>, <a href="/wiki/Internet_Engineering_Task_Force" title="Internet Engineering Task Force">Internet Engineering Task Force</a>, p.&#160;1, <a href="/wiki/Doi_(identifier)" class="mw-redirect" title="Doi (identifier)">doi</a>:<span class="id-lock-free" title="Freely accessible"><a rel="nofollow" class="external text" href="https://doi.org/10.17487%2FRFC3129">10.17487/RFC3129</a></span></cite><span title="ctx_ver=Z39.88-2004&amp;rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&amp;rft.genre=book&amp;rft.btitle=&#82;FC+3129%3A+Requirements+for+Kerberized+Internet+Negotiation+of+Keys&amp;rft.pages=1&amp;rft.pub=Internet+Engineering+Task+Force&amp;rft.date=2001-06&amp;rft_id=info%3Adoi%2F10.17487%2F&#82;FC3129&amp;rft.aulast=Thomas&amp;rft.aufirst=M.&amp;rft_id=http%3A%2F%2Ftools.ietf.org%2Fhtml%2Frfc3129&amp;rfr_id=info%3Asid%2Fen.wikipedia.org%3AInternet+Key+Exchange" class="Z3988"></span></span> </li> <li id="cite_note-rfc4322p5-3"><span class="mw-cite-backlink"><b><a href="#cite_ref-rfc4322p5_3-0">^</a></b></span> <span class="reference-text"> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222" /><cite id="CITEREFRichardsonRedelmeier2001" class="citation cs2">Richardson, M.; Redelmeier, D.H. 
(June 2001), <a rel="nofollow" class="external text" href="http://tools.ietf.org/html/rfc4322"><i>RFC 4322: Opportunistic Encryption using the Internet Key Exchange (IKE)</i></a>, <a href="/wiki/Internet_Engineering_Task_Force" title="Internet Engineering Task Force">Internet Engineering Task Force</a>, p.&#160;5, <a href="/wiki/Doi_(identifier)" class="mw-redirect" title="Doi (identifier)">doi</a>:<a rel="nofollow" class="external text" href="https://doi.org/10.17487%2FRFC4322">10.17487/RFC4322</a></cite><span title="ctx_ver=Z39.88-2004&amp;rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&amp;rft.genre=book&amp;rft.btitle=&#82;FC+4322%3A+Opportunistic+Encryption+using+the+Internet+Key+Exchange+%28IKE%29&amp;rft.pages=5&amp;rft.pub=Internet+Engineering+Task+Force&amp;rft.date=2001-06&amp;rft_id=info%3Adoi%2F10.17487%2F&#82;FC4322&amp;rft.aulast=Richardson&amp;rft.aufirst=M.&amp;rft.au=Redelmeier%2C+D.H.&amp;rft_id=http%3A%2F%2Ftools.ietf.org%2Fhtml%2Frfc4322&amp;rfr_id=info%3Asid%2Fen.wikipedia.org%3AInternet+Key+Exchange" class="Z3988"></span></span> </li> <li id="cite_note-4"><span class="mw-cite-backlink"><b><a href="#cite_ref-4">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222" /><cite class="citation cs1"><a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc2407"><i>The Internet IP Security Domain of Interpretation for ISAKMP</i></a>. <a href="/wiki/Doi_(identifier)" class="mw-redirect" title="Doi (identifier)">doi</a>:<span class="id-lock-free" title="Freely accessible"><a rel="nofollow" class="external text" href="https://doi.org/10.17487%2FRFC2407">10.17487/RFC2407</a></span>. 
<a href="/wiki/Request_for_Comments" title="Request for Comments">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc2407">2407</a>.</cite><span title="ctx_ver=Z39.88-2004&amp;rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&amp;rft.genre=book&amp;rft.btitle=The+Internet+IP+Security+Domain+of+Interpretation+for+ISAKMP&amp;rft_id=info%3Adoi%2F10.17487%2F&#82;FC2407&amp;rft_id=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fhtml%2Frfc2407&amp;rfr_id=info%3Asid%2Fen.wikipedia.org%3AInternet+Key+Exchange" class="Z3988"></span></span> </li> <li id="cite_note-5"><span class="mw-cite-backlink"><b><a href="#cite_ref-5">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222" /><cite class="citation cs1"><a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc2408"><i>Internet Security Association and Key Management Protocol (ISAKMP)</i></a>. <a href="/wiki/Doi_(identifier)" class="mw-redirect" title="Doi (identifier)">doi</a>:<span class="id-lock-free" title="Freely accessible"><a rel="nofollow" class="external text" href="https://doi.org/10.17487%2FRFC2408">10.17487/RFC2408</a></span>. 
<a href="/wiki/Request_for_Comments" title="Request for Comments">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc2408">2408</a>.</cite><span title="ctx_ver=Z39.88-2004&amp;rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&amp;rft.genre=book&amp;rft.btitle=Internet+Security+Association+and+Key+Management+Protocol+%28ISAKMP%29&amp;rft_id=info%3Adoi%2F10.17487%2F&#82;FC2408&amp;rft_id=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fhtml%2Frfc2408&amp;rfr_id=info%3Asid%2Fen.wikipedia.org%3AInternet+Key+Exchange" class="Z3988"></span></span> </li> <li id="cite_note-6"><span class="mw-cite-backlink"><b><a href="#cite_ref-6">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222" /><cite id="CITEREFD._Harkins" class="citation cs1">D. Harkins. <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc2409"><i>The Internet Key Exchange (IKE)</i></a>. <a href="/wiki/Doi_(identifier)" class="mw-redirect" title="Doi (identifier)">doi</a>:<span class="id-lock-free" title="Freely accessible"><a rel="nofollow" class="external text" href="https://doi.org/10.17487%2FRFC2409">10.17487/RFC2409</a></span>. 
<a href="/wiki/Request_for_Comments" title="Request for Comments">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc2409">2409</a>.</cite><span title="ctx_ver=Z39.88-2004&amp;rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&amp;rft.genre=book&amp;rft.btitle=The+Internet+Key+Exchange+%28IKE%29&amp;rft_id=info%3Adoi%2F10.17487%2F&#82;FC2409&amp;rft.au=D.+Harkins&amp;rft_id=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fhtml%2Frfc2409&amp;rfr_id=info%3Asid%2Fen.wikipedia.org%3AInternet+Key+Exchange" class="Z3988"></span></span> </li> <li id="cite_note-7"><span class="mw-cite-backlink"><b><a href="#cite_ref-7">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222" /><cite id="CITEREFC._Kaufman_(Microsoft)2005" class="citation cs1">C. Kaufman (Microsoft) (December 2005). <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc4306"><i>Internet Key Exchange (IKEv2) Protocol</i></a>. <a href="/wiki/Doi_(identifier)" class="mw-redirect" title="Doi (identifier)">doi</a>:<span class="id-lock-free" title="Freely accessible"><a rel="nofollow" class="external text" href="https://doi.org/10.17487%2FRFC4306">10.17487/RFC4306</a></span>. 
<a href="/wiki/Request_for_Comments" title="Request for Comments">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc4306">4306</a>.</cite><span title="ctx_ver=Z39.88-2004&amp;rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&amp;rft.genre=book&amp;rft.btitle=Internet+Key+Exchange+%28IKEv2%29+Protocol&amp;rft.date=2005-12&amp;rft_id=info%3Adoi%2F10.17487%2F&#82;FC4306&amp;rft.au=C.+Kaufman+%28Microsoft%29&amp;rft_id=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fhtml%2Frfc4306&amp;rfr_id=info%3Asid%2Fen.wikipedia.org%3AInternet+Key+Exchange" class="Z3988"></span></span> </li> <li id="cite_note-8"><span class="mw-cite-backlink"><b><a href="#cite_ref-8">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222" /><cite id="CITEREFEronenHoffman2006" class="citation cs1">Eronen, P.; Hoffman, P. (October 2006). <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc4718"><i>IKEv2 Clarifications and Implementation Guidelines</i></a>. <a href="/wiki/Doi_(identifier)" class="mw-redirect" title="Doi (identifier)">doi</a>:<span class="id-lock-free" title="Freely accessible"><a rel="nofollow" class="external text" href="https://doi.org/10.17487%2FRFC4718">10.17487/RFC4718</a></span>. 
<a href="/wiki/Request_for_Comments" title="Request for Comments">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc4718">4718</a>.</cite><span title="ctx_ver=Z39.88-2004&amp;rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&amp;rft.genre=book&amp;rft.btitle=IKEv2+Clarifications+and+Implementation+Guidelines&amp;rft.date=2006-10&amp;rft_id=info%3Adoi%2F10.17487%2F&#82;FC4718&amp;rft.aulast=Eronen&amp;rft.aufirst=P.&amp;rft.au=Hoffman%2C+P.&amp;rft_id=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fhtml%2Frfc4718&amp;rfr_id=info%3Asid%2Fen.wikipedia.org%3AInternet+Key+Exchange" class="Z3988"></span></span> </li> <li id="cite_note-9"><span class="mw-cite-backlink"><b><a href="#cite_ref-9">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222" /><cite id="CITEREFKaufmanHoffmanNirEronen2010" class="citation cs1">Kaufman, C.; Hoffman, P.; Nir, Y.; Eronen, P. (September 2010). <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc5996"><i>Internet Key Exchange (IKEv2) Protocol</i></a>. <a href="/wiki/Doi_(identifier)" class="mw-redirect" title="Doi (identifier)">doi</a>:<span class="id-lock-free" title="Freely accessible"><a rel="nofollow" class="external text" href="https://doi.org/10.17487%2FRFC5996">10.17487/RFC5996</a></span>. 
<a href="/wiki/Request_for_Comments" title="Request for Comments">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc5996">5996</a>.</cite><span title="ctx_ver=Z39.88-2004&amp;rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&amp;rft.genre=book&amp;rft.btitle=Internet+Key+Exchange+%28IKEv2%29+Protocol&amp;rft.date=2010-09&amp;rft_id=info%3Adoi%2F10.17487%2F&#82;FC5996&amp;rft.aulast=Kaufman&amp;rft.aufirst=C.&amp;rft.au=Hoffman%2C+P.&amp;rft.au=Nir%2C+Y.&amp;rft.au=Eronen%2C+P.&amp;rft_id=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fhtml%2Frfc5996&amp;rfr_id=info%3Asid%2Fen.wikipedia.org%3AInternet+Key+Exchange" class="Z3988"></span></span> </li> <li id="cite_note-The_Internet_Key_Exchange_p._5-10"><span class="mw-cite-backlink">^ <a href="#cite_ref-The_Internet_Key_Exchange_p._5_10-0"><sup><i><b>a</b></i></sup></a> <a href="#cite_ref-The_Internet_Key_Exchange_p._5_10-1"><sup><i><b>b</b></i></sup></a> <a href="#cite_ref-The_Internet_Key_Exchange_p._5_10-2"><sup><i><b>c</b></i></sup></a></span> <span class="reference-text">"RFC 2409 The Internet Key Exchange (IKE)", Internet Engineering Task Force (IETF), p. 5</span> </li> <li id="cite_note-11"><span class="mw-cite-backlink"><b><a href="#cite_ref-11">^</a></b></span> <span class="reference-text">"RFC 2409 The Internet Key Exchange (IKE)", Internet Engineering Task Force (IETF), p. 6</span> </li> <li id="cite_note-12"><span class="mw-cite-backlink"><b><a href="#cite_ref-12">^</a></b></span> <span class="reference-text">"RFC 2409 The Internet Key Exchange (IKE)", Internet Engineering Task Force (IETF), p. 10-16</span> </li> <li id="cite_note-13"><span class="mw-cite-backlink"><b><a href="#cite_ref-13">^</a></b></span> <span class="reference-text">"RFC 4306 Internet Key Exchange (IKEv2) Protocol", Internet Engineering Task Force (IETF), p. 
11,33</span> </li> <li id="cite_note-14"><span class="mw-cite-backlink"><b><a href="#cite_ref-14">^</a></b></span> <span class="reference-text">"RFC 4306: Internet Key Exchange (IKEv2) Protocol", Internet Engineering Task Force (IETF), p 38-40</span> </li> <li id="cite_note-15"><span class="mw-cite-backlink"><b><a href="#cite_ref-15">^</a></b></span> <span class="reference-text"><a rel="nofollow" class="external text" href="https://technet.microsoft.com/en-us/library/cc784994(WS.10).aspx">Internet Key Exchange: Internet Protocol Security (IPsec): Technet</a></span> </li> <li id="cite_note-16"><span class="mw-cite-backlink"><b><a href="#cite_ref-16">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222" /><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://web.archive.org/web/20081012153631/http://www.securityfocus.com/infocus/1519">"Using IPSec in Windows 2000 and XP, Part 1"</a>. Archived from <a rel="nofollow" class="external text" href="http://www.securityfocus.com/infocus/1519">the original</a> on 2008-10-12<span class="reference-accessdate">. Retrieved <span class="nowrap">2009-12-24</span></span>.</cite><span title="ctx_ver=Z39.88-2004&amp;rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&amp;rft.genre=unknown&amp;rft.btitle=Using+IPSec+in+Windows+2000+and+XP%2C+Part+1&amp;rft_id=http%3A%2F%2Fwww.securityfocus.com%2Finfocus%2F1519&amp;rfr_id=info%3Asid%2Fen.wikipedia.org%3AInternet+Key+Exchange" class="Z3988"></span></span> </li> <li id="cite_note-17"><span class="mw-cite-backlink"><b><a href="#cite_ref-17">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222" /><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://github.com/OpenIKEv2">"OpenIKEv2"</a>. <i>GitHub</i><span class="reference-accessdate">. 
Retrieved <span class="nowrap">2023-06-21</span></span>.</cite><span title="ctx_ver=Z39.88-2004&amp;rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&amp;rft.genre=unknown&amp;rft.jtitle=GitHub&amp;rft.atitle=OpenIKEv2&amp;rft_id=https%3A%2F%2Fgithub.com%2FOpenIKEv2&amp;rfr_id=info%3Asid%2Fen.wikipedia.org%3AInternet+Key+Exchange" class="Z3988"></span></span> </li> <li id="cite_note-18"><span class="mw-cite-backlink"><b><a href="#cite_ref-18">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222" /><cite class="citation web cs1"><a rel="nofollow" class="external text" href="http://man.openbsd.org/OpenBSD-current/man8/iked.8">"iked(8) - OpenBSD manual pages"</a>. <i>man.openbsd.org</i><span class="reference-accessdate">. Retrieved <span class="nowrap">2023-06-21</span></span>.</cite><span title="ctx_ver=Z39.88-2004&amp;rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&amp;rft.genre=unknown&amp;rft.jtitle=man.openbsd.org&amp;rft.atitle=iked%288%29+-+OpenBSD+manual+pages&amp;rft_id=http%3A%2F%2Fman.openbsd.org%2FOpenBSD-current%2Fman8%2Fiked.8&amp;rfr_id=info%3Asid%2Fen.wikipedia.org%3AInternet+Key+Exchange" class="Z3988"></span></span> </li> <li id="cite_note-19"><span class="mw-cite-backlink"><b><a href="#cite_ref-19">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222" /><cite class="citation cs2"><a rel="nofollow" class="external text" href="http://www.spiegel.de/media/media-35529.pdf"><i>Fielded Capability: End-to-end VPN SPIN9 Design Review</i></a> <span class="cs1-format">(PDF)</span>, NSA via 'Der Spiegel', p.&#160;5</cite><span 
title="ctx_ver=Z39.88-2004&amp;rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&amp;rft.genre=book&amp;rft.btitle=Fielded+Capability%3A+End-to-end+VPN+SPIN9+Design+Review&amp;rft.pages=5&amp;rft.pub=NSA+via+%27Der+Spiegel%27&amp;rft_id=http%3A%2F%2Fwww.spiegel.de%2Fmedia%2Fmedia-35529.pdf&amp;rfr_id=info%3Asid%2Fen.wikipedia.org%3AInternet+Key+Exchange" class="Z3988"></span></span> </li> <li id="cite_note-20"><span class="mw-cite-backlink"><b><a href="#cite_ref-20">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222" /><cite id="CITEREFAdrianBhargavanDurumericGaudry2015" class="citation conference cs1">Adrian, David; Bhargavan, Karthikeyan; Durumeric, Zakir; Gaudry, Pierrick; Green, Matthew; Halderman, J. Alex; <a href="/wiki/Nadia_Heninger" title="Nadia Heninger">Heninger, Nadia</a>; Springall, Drew; Thomé, Emmanuel; Valenta, Luke; VanderSloot, Benjamin; Wustrow, Eric; Zanella-Béguelin, Santiago; Zimmermann, Paul (October 2015). <a rel="nofollow" class="external text" href="https://weakdh.org/imperfect-forward-secrecy-ccs15.pdf"><i>Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice</i></a> <span class="cs1-format">(PDF)</span>. 22nd ACM Conference on Computer and Communications Security (CCS ’15). <a href="/wiki/Denver" title="Denver">Denver</a><span class="reference-accessdate">. 
Retrieved <span class="nowrap">15 June</span> 2016</span>.</cite><span title="ctx_ver=Z39.88-2004&amp;rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&amp;rft.genre=conference&amp;rft.btitle=Imperfect+Forward+Secrecy%3A+How+Diffie-Hellman+Fails+in+Practice&amp;rft.place=Denver&amp;rft.date=2015-10&amp;rft.aulast=Adrian&amp;rft.aufirst=David&amp;rft.au=Bhargavan%2C+Karthikeyan&amp;rft.au=Durumeric%2C+Zakir&amp;rft.au=Gaudry%2C+Pierrick&amp;rft.au=Green%2C+Matthew&amp;rft.au=Halderman%2C+J.+Alex&amp;rft.au=Heninger%2C+Nadia&amp;rft.au=Springall%2C+Drew&amp;rft.au=Thom%C3%A9%2C+Emmanuel&amp;rft.au=Valenta%2C+Luke&amp;rft.au=VanderSloot%2C+Benjamin&amp;rft.au=Wustrow%2C+Eric&amp;rft.au=Zanella-B%C3%A9guelin%2C+Santiago&amp;rft.au=Zimmermann%2C+Paul&amp;rft_id=https%3A%2F%2Fweakdh.org%2Fimperfect-forward-secrecy-ccs15.pdf&amp;rfr_id=info%3Asid%2Fen.wikipedia.org%3AInternet+Key+Exchange" class="Z3988"></span></span> </li> <li id="cite_note-21"><span class="mw-cite-backlink"><b><a href="#cite_ref-21">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222" /><cite id="CITEREFRonenShamir2015" class="citation web cs1">Ronen, Eyal; Shamir, Adi (October 2015). 
<a rel="nofollow" class="external text" href="http://www.wisdom.weizmann.ac.il/~eyalro/RonenShamirDhReview.pdf">"Critical Review of Imperfect Forward Secrecy"</a> <span class="cs1-format">(PDF)</span>.</cite><span title="ctx_ver=Z39.88-2004&amp;rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&amp;rft.genre=unknown&amp;rft.btitle=Critical+Review+of+Imperfect+Forward+Secrecy&amp;rft.date=2015-10&amp;rft.aulast=Ronen&amp;rft.aufirst=Eyal&amp;rft.au=Shamir%2C+Adi&amp;rft_id=http%3A%2F%2Fwww.wisdom.weizmann.ac.il%2F~eyalro%2FRonenShamirDhReview.pdf&amp;rfr_id=info%3Asid%2Fen.wikipedia.org%3AInternet+Key+Exchange" class="Z3988"></span></span> </li> <li id="cite_note-22"><span class="mw-cite-backlink"><b><a href="#cite_ref-22">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222" /><cite id="CITEREFWouters2015" class="citation web cs1">Wouters, Paul (October 2015). <a rel="nofollow" class="external text" href="https://nohats.ca/wordpress/blog/2015/10/17/66-of-vpns-are-not-in-fact-broken/">"66% of VPN's are not in fact broken"</a>.</cite><span title="ctx_ver=Z39.88-2004&amp;rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&amp;rft.genre=unknown&amp;rft.btitle=66%25+of+VPN%27s+are+not+in+fact+broken&amp;rft.date=2015-10&amp;rft.aulast=Wouters&amp;rft.aufirst=Paul&amp;rft_id=https%3A%2F%2Fnohats.ca%2Fwordpress%2Fblog%2F2015%2F10%2F17%2F66-of-vpns-are-not-in-fact-broken%2F&amp;rfr_id=info%3Asid%2Fen.wikipedia.org%3AInternet+Key+Exchange" class="Z3988"></span></span> </li> <li id="cite_note-ike-downgrade-23"><span class="mw-cite-backlink"><b><a href="#cite_ref-ike-downgrade_23-0">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222" /><cite id="CITEREFBhargavanBrzuskaFournetKohlweiss2016" class="citation web cs1">Bhargavan, Karthikeyan; Brzuska, Christina; Fournet, Cédric; Kohlweiss, Markulf; Zanella-Béguelin, Santiago; Green, 
Matthew (January 2016). <a rel="nofollow" class="external text" href="https://eprint.iacr.org/2016/072.pdf">"Downgrade Resilience in Key-Exchange Protocols"</a> <span class="cs1-format">(PDF)</span>.</cite><span title="ctx_ver=Z39.88-2004&amp;rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&amp;rft.genre=unknown&amp;rft.btitle=Downgrade+Resilience+in+Key-Exchange+Protocols&amp;rft.date=2016-01&amp;rft.aulast=Bhargavan&amp;rft.aufirst=Karthikeyan&amp;rft.au=Brzuska%2C+Christina&amp;rft.au=Fournet%2C+C%C3%A9dric&amp;rft.au=Kohlweiss%2C+Markulf&amp;rft.au=Zanella-B%C3%A9guelin%2C+Santiago&amp;rft.au=Green%2C+Matthew&amp;rft_id=https%3A%2F%2Feprint.iacr.org%2F2016%2F072.pdf&amp;rfr_id=info%3Asid%2Fen.wikipedia.org%3AInternet+Key+Exchange" class="Z3988"></span></span> </li> <li id="cite_note-24"><span class="mw-cite-backlink"><b><a href="#cite_ref-24">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222" /><cite id="CITEREFPliam1999" class="citation web cs1">Pliam, John (2 October 1999). <a rel="nofollow" class="external text" href="http://skysrv.pha.jhu.edu/~jpliam/ima/xauth/">"Authentication Vulnerabilities in IKE and Xauth with Weak Pre-Shared Secrets"</a>. <i>Johns Hopkins University</i>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20020610050311/http://www.ima.umn.edu/~pliam/xauth/">Archived</a> from the original on 10 June 2002<span class="reference-accessdate">. 
Retrieved <span class="nowrap">5 February</span> 2020</span>.</cite><span title="ctx_ver=Z39.88-2004&amp;rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&amp;rft.genre=unknown&amp;rft.jtitle=Johns+Hopkins+University&amp;rft.atitle=Authentication+Vulnerabilities+in+IKE+and+Xauth+with+Weak+Pre-Shared+Secrets&amp;rft.date=1999-10-02&amp;rft.aulast=Pliam&amp;rft.aufirst=John&amp;rft_id=http%3A%2F%2Fskysrv.pha.jhu.edu%2F~jpliam%2Fima%2Fxauth%2F&amp;rfr_id=info%3Asid%2Fen.wikipedia.org%3AInternet+Key+Exchange" class="Z3988"></span></span> </li> <li id="cite_note-25"><span class="mw-cite-backlink"><b><a href="#cite_ref-25">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222" /><cite id="CITEREFMcGrew2011" class="citation web cs1">McGrew, David (5 July 2011). <a rel="nofollow" class="external text" href="https://web.archive.org/web/20110709020412/http://blogs.cisco.com/security/great-cipher-but-where-did-you-get-that-key/">"Great Cipher, But Where Did You Get That Key"</a>. <i>Cisco Blog</i>. Archived from <a rel="nofollow" class="external text" href="http://blogs.cisco.com/security/great-cipher-but-where-did-you-get-that-key/">the original</a> on 9 July 2011<span class="reference-accessdate">. 
Retrieved <span class="nowrap">11 February</span> 2020</span>.</cite><span title="ctx_ver=Z39.88-2004&amp;rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&amp;rft.genre=unknown&amp;rft.jtitle=Cisco+Blog&amp;rft.atitle=Great+Cipher%2C+But+Where+Did+You+Get+That+Key&amp;rft.date=2011-07-05&amp;rft.aulast=McGrew&amp;rft.aufirst=David&amp;rft_id=http%3A%2F%2Fblogs.cisco.com%2Fsecurity%2Fgreat-cipher-but-where-did-you-get-that-key%2F&amp;rfr_id=info%3Asid%2Fen.wikipedia.org%3AInternet+Key+Exchange" class="Z3988"></span></span> </li> <li id="cite_note-26"><span class="mw-cite-backlink"><b><a href="#cite_ref-26">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222" /><cite id="CITEREFFelsch2018" class="citation book cs1">Felsch, Dennis (August 2018). <a rel="nofollow" class="external text" href="https://www.usenix.org/conference/usenixsecurity18/presentation/felsch"><i>The Dangers of Key Reuse: Practical Attacks on IPsec IKE</i></a>. <a href="/wiki/ISBN_(identifier)" class="mw-redirect" title="ISBN (identifier)">ISBN</a>&#160;<a href="/wiki/Special:BookSources/9781939133045" title="Special:BookSources/9781939133045"><bdi>9781939133045</bdi></a><span class="reference-accessdate">. 
Retrieved <span class="nowrap">11 February</span> 2020</span>.</cite><span title="ctx_ver=Z39.88-2004&amp;rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&amp;rft.genre=book&amp;rft.btitle=The+Dangers+of+Key+Reuse%3A+Practical+Attacks+on+IPsec+IKE&amp;rft.date=2018-08&amp;rft.isbn=9781939133045&amp;rft.aulast=Felsch&amp;rft.aufirst=Dennis&amp;rft_id=https%3A%2F%2Fwww.usenix.org%2Fconference%2Fusenixsecurity18%2Fpresentation%2Ffelsch&amp;rfr_id=info%3Asid%2Fen.wikipedia.org%3AInternet+Key+Exchange" class="Z3988"></span> <span class="cs1-visible-error citation-comment"><code class="cs1-code">{{<a href="/wiki/Template:Cite_book" title="Template:Cite book">cite book</a>}}</code>: </span><span class="cs1-visible-error citation-comment"><code class="cs1-code">&#124;website=</code> ignored (<a href="/wiki/Help:CS1_errors#periodical_ignored" title="Help:CS1 errors">help</a>)</span></span> </li> </ol></div></div> <div class="mw-heading mw-heading2"><h2 id="External_links">External links</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Internet_Key_Exchange&amp;action=edit&amp;section=11" title="Edit section: External links"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <ul><li><a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc2407">RFC 2407 Internet Security Association and Key Management Protocol (ISAKMP)</a>, Internet Engineering Task Force (IETF)</li> <li><a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc2409">RFC 2409 The Internet Key Exchange (IKE)</a>, Internet Engineering Task Force (IETF)</li> <li><a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc7296">RFC 7296: Internet Key Exchange Protocol Version 2 (IKEv2)</a>, Internet Engineering Task Force (IETF)</li> <li><a rel="nofollow" class="external text" 
href="http://www.ciscopress.com/articles/article.asp?p=25474&amp;seqNum=1">Overview of IKE (from Cisco)</a></li></ul> </div> </div> </div> </main> </div> </div> </div> </body> </html>
