Bronze

ISAKMP KEY question

When creating a site-to-site VPN, I understand that the ISAKMP key is used to authenticate a connecting device when starting IKE Phase 1.

Does this key have anything to do with encryption/decryption or is it strictly for authentication only?

4 REPLIES
Bronze

Re: ISAKMP KEY question

From RFC 2408:

"The Internet Security Association and Key Management Protocol (ISAKMP) defines the procedures for authenticating a communicating peer, creation and management of Security Associations, key generation techniques, and threat mitigation (e.g. denial of service and replay attacks). All of these are necessary to establish and maintain secure communications (via IP Security Service or any other security protocol) in an Internet environment."

Bronze

Re: ISAKMP KEY question

I'm sorry, I should clarify. I am talking specifically about when you use a preshared key. Is this preshared key used for encryption/decryption as well as authentication of the remote device?

Bronze

Re: ISAKMP KEY question

As far as I know, the pre-shared key is used to establish phase 2 and thus is used solely for authentication.

Hall of Fame Super Silver

Re: ISAKMP KEY question

Joshua

The pre-shared key is NOT used for encryption of any data traffic in the site-to-site VPN. It is used for authentication and to help negotiate the keys that are used for data traffic encryption.

HTH

Rick
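
The key derivation the replies above refer to, as an added example that is not part of the original thread: it follows the IKEv1 pre-shared-key formulas in RFC 2409 section 5 to show where the key enters and what the IPsec data keys are actually derived from. HMAC-SHA1 as the prf and every sample value (key, nonces, cookies, Diffie-Hellman bytes, SPI) are assumptions constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample values (not from any real exchange).
PSK = b"example-preshared-key"
NI, NR = b"\xa1" * 16, b"\xb2" * 16          # Phase 1 nonces
CKY_I, CKY_R = b"\x01" * 8, b"\x02" * 8      # ISAKMP cookies

def prf(key, data):
    # Assumption: HMAC-SHA1 is the negotiated prf.
    return hmac.new(key, data, hashlib.sha1).digest()

def phase1_keys(psk, ni, nr, g_xy, cky_i, cky_r):
    # RFC 2409 section 5, pre-shared key authentication.
    skeyid = prf(psk, ni + nr)                   # the PSK enters only here
    tail = g_xy + cky_i + cky_r                  # g_xy = Diffie-Hellman secret
    d = prf(skeyid, tail + b"\x00")              # SKEYID_d: seeds IPsec SA keys
    a = prf(skeyid, d + tail + b"\x01")          # SKEYID_a: authenticates IKE messages
    e = prf(skeyid, a + tail + b"\x02")          # SKEYID_e: encrypts IKE messages
    return {"SKEYID": skeyid, "d": d, "a": a, "e": e}

def hash_i(skeyid, g_xi, g_xr, cky_i, cky_r, sai_b, idii_b):
    # Initiator's authentication hash; the peer recomputes it with its own PSK.
    return prf(skeyid, g_xi + g_xr + cky_i + cky_r + sai_b + idii_b)

def phase2_keymat(skeyid_d, protocol, spi, ni2, nr2):
    # Quick Mode without PFS, first prf block only (20 bytes); RFC 2409
    # concatenates further blocks when the cipher needs more key material.
    return prf(skeyid_d, bytes([protocol]) + spi + ni2 + nr2)

def demo():
    def run(psk, g_xy):
        k = phase1_keys(psk, NI, NR, g_xy, CKY_I, CKY_R)
        # Public DH values, SA and ID payloads are constructed placeholders.
        h = hash_i(k["SKEYID"], b"gxi", b"gxr", CKY_I, CKY_R, b"SA", b"ID")
        # Protocol 3 = ESP in the IPsec DOI; SPI and nonces are constructed.
        return h, phase2_keymat(k["d"], 3, b"\x00\x00\x10\x01", b"n1" * 8, b"n2" * 8)
    h, km = run(PSK, b"\x11" * 32)
    _, km_new_dh = run(PSK, b"\x22" * 32)        # same PSK, new DH exchange
    h_bad, _ = run(b"wrong-key", b"\x11" * 32)   # peer configured with another key
    return {"hash_i": h, "keymat": km, "keymat_new_dh": km_new_dh,
            "hash_i_wrong_psk": h_bad}

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:18} {value.hex()}")
```

With the same pre-shared key, a new Diffie-Hellman exchange yields different data-traffic key material, while a mismatched key changes HASH_I, which is what makes Phase 1 authentication fail.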
