55
How Packet Protect Uses IKE
IKE is a set of standard protocols developed by the Internet Engineering Task
Force (IETF). IKE is used to authenticate and negotiate a protected communica-
tion. Using IKE is a two step process:
1 IKE verifies the pre-shared keys of the two computers that are attempting
to communicate.
2 IKE negotiates a set of security settings to be used by IPSec.
Each computer must agree upon the security settings before IKE can establish a
protected communication for IPSec.
Identity Negotiation Settings
When IKE negotiates security for two computers, it requires that the following
be compatible:
• IKE settings
• Authentication method
IKE Settings
IKE settings are agreed upon by the two computers that are attempting to verify
each other’s pre-shared key. They are used to protect the IKE negotiation trans-
actions. This allows the two computers to negotiate without compromising
secret key or password information.
The diagram below shows the steps that Packet Protect performs to protect a
communication. The IKE settings are used during Steps 1 and 2.
Packet Protect uses pre-defined IKE settings, designed for maximum compati-
bility with computers that use Packet Protect and other IPSec products.
If two Packet Protect computers attempt to communicate, they use the same
default IKE settings. If one of the computers is managed by a different IPSec
product, make sure that the IKE settings match. If necessary, make changes to
Step 1: IKE Verifies Pre-shared Keys
Step 2: IKE Negotiates IPSec Settings
Step 3: IPSec Protects Packets
IKE settings protect IKE pre-shared
key verification and negotiation steps