Internet Security Association and Key Management Protocol

from Wikipedia, the free encyclopedia
ISAKMP in the TCP/IP protocol stack:
Application: ISAKMP
Transport: UDP, TCP
Internet: IP (IPv4, IPv6)
Network access: Ethernet, Token Bus, Token Ring, FDDI, ...

Internet Security Association and Key Management Protocol (ISAKMP) is a network protocol for establishing security associations (SA) and exchanging cryptographic keys on the Internet. The protocol was originally defined in RFC 2408 and then integrated into the Internet Key Exchange (IKEv2) protocol defined in RFC 4306.

Overview

ISAKMP defines procedures for authenticating communication partners, creating and managing security associations, generating keys, and reducing the opportunities for attack (e.g. denial-of-service or replay attacks). IKE is usually used for key exchange, but other methods are also possible.

The protocol defines procedures and packet formats for creating, negotiating, modifying and deleting security associations. SAs contain the information required to execute various security services at the network layer (such as ESP or AH), the transport layer or the application layer.
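The fixed header that begins every ISAKMP message (RFC 2408, section 3.1), parsed and structurally validated in Python. This is an added example, not code from the article or from any implementation it names; the class and function names and the sample datagram are constructed for illustration, and the strict length-equality check is a choice of this example.

```python
import struct
from dataclasses import dataclass

# Fixed ISAKMP header (RFC 2408, section 3.1): 28 octets, network byte order.
HEADER = struct.Struct("!8s8sBBBBII")
EXCHANGE_TYPES = {0: "NONE", 1: "Base", 2: "Identity Protection",
                  3: "Authentication Only", 4: "Aggressive", 5: "Informational"}


class HeaderError(ValueError):
    """Raised when a datagram fails the structural checks."""


@dataclass
class IsakmpHeader:
    initiator_cookie: bytes
    responder_cookie: bytes
    next_payload: int
    major: int
    minor: int
    exchange: str
    flags: int
    message_id: int
    length: int


def parse_header(datagram: bytes) -> IsakmpHeader:
    if len(datagram) < HEADER.size:
        raise HeaderError("shorter than the 28-octet fixed header")
    icky, rcky, nxt, ver, xchg, flags, mid, length = HEADER.unpack_from(datagram)
    # The Length field covers header plus payloads. This example is strict:
    # a truncated or over-long datagram is dropped before any payload parsing.
    if length != len(datagram):
        raise HeaderError(f"length field {length} != datagram size {len(datagram)}")
    if ver >> 4 != 1:  # major version in the high nibble; RFC 2408 is 1.0
        raise HeaderError(f"unsupported major version {ver >> 4}")
    return IsakmpHeader(icky, rcky, nxt, ver >> 4, ver & 0x0F,
                        EXCHANGE_TYPES.get(xchg, f"unassigned ({xchg})"),
                        flags, mid, length)


# Constructed sample: opening message of an Identity Protection exchange,
# responder cookie still zero, next payload 1 (SA), 4 dummy payload octets.
SAMPLE = HEADER.pack(bytes.fromhex("0123456789abcdef"), bytes(8),
                     1, 0x10, 2, 0, 0, HEADER.size + 4) + bytes(4)

if __name__ == "__main__":
    print(parse_header(SAMPLE))
```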

Implementation

Under Microsoft Windows, the IPsec services take over the function of ISAKMP.

The KAME project implements ISAKMP for BSD and Linux.
