Cisco Packet Data Gateway (PDG)
IPSec Reference, StarOS Release 16
Chapter 5
ISAKMP Policy Configuration
This chapter describes how to create and verify ISAKMP (Internet Security Association Key Management Protocol)
policies. ISAKMP is a protocol defined by RFC 2408 for establishing Security Associations (SA) and cryptographic
keys in an Internet environment.
ISAKMP defines the procedures for authenticating a communicating peer, creating and managing Security
Associations, generating keys, and mitigating threats (for example, denial of service and replay attacks).
ISAKMP defines procedures and packet formats to establish, negotiate, modify and delete Security Associations. SAs
contain all the information required for execution of various network security services, such as the IP layer services
(header authentication and payload encapsulation), transport or application layer services or self-protection of
negotiation traffic. ISAKMP defines payloads for exchanging key generation and authentication data. These formats
provide a consistent framework for transferring key and authentication data which is independent of the key generation
technique, encryption algorithm and authentication mechanism.
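The packet formats mentioned above can be inspected with a short parser. The following is an added example, not part of the Cisco document or StarOS: it decodes the fixed ISAKMP header and walks the generic payload chain as laid out in RFC 2408 sections 3.1 and 3.2, rejecting inconsistent length fields. The function names and the sample message are constructed for illustration.

```python
import struct

HEADER = struct.Struct("!8s8sBBBBII")   # RFC 2408 section 3.1: 28-byte fixed header
GENERIC = struct.Struct("!BBH")         # RFC 2408 section 3.2: generic payload header
PAYLOADS = {1: "SA", 4: "KE", 5: "ID", 8: "HASH", 9: "SIG",
            10: "NONCE", 11: "N", 12: "D", 13: "VID"}
EXCHANGES = {1: "Base", 2: "Identity Protection", 3: "Authentication Only",
             4: "Aggressive", 5: "Informational"}


def parse_isakmp(msg: bytes) -> dict:
    """Decode the header and list (payload type, length) pairs; raise on bad lengths."""
    if len(msg) < HEADER.size:
        raise ValueError("shorter than the 28-byte ISAKMP header")
    _icookie, _rcookie, nxt, ver, xchg, flags, msg_id, length = HEADER.unpack_from(msg)
    if length != len(msg):
        raise ValueError("header length field does not match message size")
    info = {
        "version": (ver >> 4, ver & 0x0F),          # major, minor nibbles
        "exchange": EXCHANGES.get(xchg, f"unknown({xchg})"),
        "encrypted": bool(flags & 0x01),             # E bit
        "message_id": msg_id,
        "payloads": [],
    }
    offset = HEADER.size
    # An encrypted body is opaque, so the chain is walked only for cleartext messages.
    while nxt != 0 and not info["encrypted"]:
        if offset + GENERIC.size > len(msg):
            raise ValueError("payload chain runs past end of message")
        following, _reserved, plen = GENERIC.unpack_from(msg, offset)
        if plen < GENERIC.size or offset + plen > len(msg):
            raise ValueError("bad payload length")
        info["payloads"].append((PAYLOADS.get(nxt, f"type {nxt}"), plen))
        offset += plen
        nxt = following
    return info


def build_sample() -> bytes:
    """Constructed sample: cleartext first message with a stub SA and a vendor ID payload."""
    vid = GENERIC.pack(0, 0, GENERIC.size + 8) + b"EXAMPLE!"
    sa = GENERIC.pack(13, 0, GENERIC.size + 8) + bytes(8)   # stub body, not a real proposal
    body = sa + vid
    return HEADER.pack(b"\x11" * 8, bytes(8), 1, 0x10, 2, 0, 0,
                       HEADER.size + len(body)) + body


if __name__ == "__main__":
    print(parse_isakmp(build_sample()))
```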
The following topics are discussed: