Home > Articles > Cisco Network Technology > General Networking > IPSec Overview Part Four: Internet Key Exchange (IKE)

IPSec Overview Part Four: Internet Key Exchange (IKE)

Article Description

In part 4 of his five-part series on the Cisco implementation of IPSec, Andrew Mason describes the Internet Key Exchange (IKE).

Pre-Shared Keys

With pre-shared keys, the same pre-shared key is configured on each IPSec peer. IKE peers authenticate each other by computing and sending a keyed hash of data that includes the pre-shared key. If the receiving peer is able to independently create the same hash using its pre-shared key, then it knows that both peers must share the same secret, thus authenticating the other peer.

Pre-shared keys are easier to configure than manually configuring IPSec policy values on each IPSec peer. But pre-shared keys don't scale well because each IPSec peer must be configured with the pre-shared key of every other peer with which it will establish a session.

3. RSA Signatures | Next Section Previous Section