Internet Key Exchange IKEv1 and IKEv2 Overview

Internet Key Exchange (IKE) is an authentication protocol used to set up secure and authenticated communication channel between two endpoints to establish IKE tunnels or Security Associations (SAs) used for Internet Protocol Security (IPsec). IKEv1 and IKEv2 are the two versions of IKE.

 

Internet Key Exchange v1 (IKEv1)

Internet Security Association Key Management Protocol (ISAKMP) is an authentication and key exchange framework. IKE protocol is an ISAKMP implementation that employs the Oakley and Skeme key exchange methodologies.

 

IKEv1 specifies two significant negotiation phases for IKE and IPsec SA establishment:

  • Phase 1: Establishes a bidirectional ISAKMP SA between two IKE peers. Once established, any peer can start phase 2 negotiations.
  • Phase 2: Establishes unidirectional IPsec Security Associations (SAs) using the ISAKMP SA established in phase 1.

 

IKEv1 Phase 1

Phase 1 negotiation can take place using Main Mode or Aggressive Mode. The initiator is the peer who starts the SA negotiation process, while the responder is the other peer.

Main Mode (MM)

Main Mode comprises six message exchanges and attempts to secure all information during the negotiation to prevent eavesdropping.

  1. MM1: The first message the initiator sends to a responder. One or more SA offers are presented, and the responder must match one of them. The SA proposals include the following combinations:
    • Hash Algorithm: MD5 or SHA
    • Encryption Algorithm: DES, 3DES, or AES
    • Authentication Method: PSK or digital certificates
    • Diffie-Hellman (DH) Group: 1, 2, 5, etc.
    • Lifetime: The time it takes the IKE Phase 1 tunnel until it’s torn down. The default is 24 hours. This parameter doesn’t need to match both peers since the shortest lifetime is used.
  2. MM2: The responder sends this message along with the matched SA proposal to the initiator.
  3. MM3: The initiator initiates the DH key exchange in this message.
  4. MM4: The responder sends to the initiator its own key. At this stage, encryption keys have been shared, and encryption for the ISAKMP SA has been established.
  5. MM5: The initiator begins authentication by sending its IP address to the peer router.
  6. MM6: The responder replies with a corresponding packet to authenticate the session. The ISAKMP SA has been established at this stage.

 

Aggressive Mode (AM)

With Main Mode, the identification of the two IKE peers is concealed. It is very secure and flexible but slower in finishing the negotiation. Aggressive Mode comprises three message exchanges, so it’s faster, but the peers’ identities are exposed, and it doesn’t provide the same level of security and flexibility as Main Mode.

  1. AM1: The initiator sends all of the information from MM1 through MM3 and MM5 in this message.
  2. AM2: This message sends all the same information from MM2, MM4, and MM6.
  3. AM3: The authentication contained in MM5 is sent in this message.

 

IKEv1 Phase 2

Phase 2 utilizes the current bidirectional IKE SA secure channel created in phase 1 to transmit messages between the two peers to establish IPsec SAs. A single IPsec SA negotiation generates two unidirectional IPsec SAs, one on each peer.

Quick Mode (QM)

Quick Mode is the method used to establish the IPsec Security Association. It  involves a three-message exchange:

  1. QM1: The initiator can initiate various IPsec SAs in a single exchange message.  This message contains agreed-upon encryption algorithms and integrity intended as part of phase 1, including what traffic is to be encrypted or secured.
  2. QM2: This responder’s message contains matching IPsec parameters.
  3. QM3: After this message, there must be two unidirectional IPsec SAs between the two peers.

 

Perfect Forward Secrecy (PFS)

PFS is a recommended but optional feature for Phase 2. It needs more DH exchanges, which consume more CPU cycles. It aims to improve resistance to crypto attacks and retain the privacy of IPsec tunnels by generating session keys separately from any previous key. Therefore, a compromised key does not jeopardize future keys.

The following can be deduced from the minimum number of messages that can be sent by Main, Aggressive, and Quick modes for IPsec SAs:

  • Main Mode (6 messages) plus Quick Mode (3 messages), for a total of 9 messages.
  • Aggressive Mode (3 messages) plus Quick Mode (3 messages), for a total of 6 messages.

 

Internet Key Exchange v2 (IKEv2)

IKEv2 was created to address the drawbacks of IKEv1 and offers several updates and improvements over IKEv1. Knowing IKEv1 is still necessary since some legacy infrastructures have not yet moved to IKEv2 or contain devices or features that don’t support IKEv2.

 

IKEv2 Exchanges

One of the most significant IKEv2 advances is negotiating Security Associations (SAs). Communications are made up of request and response pairs known as exchanges or simply request/response pairs.

  1. IKE_SA_INIT: The first exchange. It negotiates cryptographic algorithms, exchanges nonces, and does a DH exchange. It is identical to IKEv1’s MM1 to MM4 messages but as a single request/response pair.
  2. IKE_AUTH: The second exchange. It authenticates the earlier messages and exchanges identities and certificates. It establishes an IKE SA and a Child SA or the IPsec SA. It is identical to IKEv1’s MM5 to MM6 and QM1 and QM2 but done as a single request/response pair.

The bidirectional IKE SA and unidirectional IPsec SAs are generated in four messages. If more IPsec SAs are necessary, IKEv2 utilizes just two messages, a request/response pair, with a CREATE_CHILD_SA exchange. IKEv1 and IKEv2 SA exchanges are entirely different and incompatible with each other.

 

IKEv2 Improvements

The latest version of the IKE protocol defined in RFC 7296 is IKEv2. The changes and improvements of IKEv2 include the following:

  • Improved Efficiency: Lighter and fewer exchanges. It uses less bandwidth to establish SAs.
  • Elliptic Curve Digital Signature Algorithm (ECDSA-SIG): Newer and more efficient public key alternative.
  • Extensible Authentication Protocol (EAP): Ideal for remote-access Virtual Private Network (VPN).
  • Next-Generation Encryption (NGE): Provides security and cryptography to prevent threats.
  • Asymmetric Authentication: Each peer can choose their own authentication mechanism.
  • Anti-DoS: Detects if an IPsec router is under attack and reduces resource usage.

Download our Free CCNA Study Guide PDF for complete notes on all the CCNA 200-301 exam topics in one book.

We recommend the Cisco CCNA Gold Bootcamp as your main CCNA training course. It’s the highest rated Cisco course online with an average rating of 4.8 from over 30,000 public reviews and is the gold standard in CCNA training: