02-05-2009 10:46 AM - edited 03-09-2019 10:01 PM
When creating a site-to-site VPN, I understand that the ISAKMP key is used to authenticate a connecting device when starting IKE Phase 1.
Does this key have anything to do with encryption/decryption or is it strictly for authentication only?
02-05-2009 12:02 PM
From RFC 2408:
"The Internet Security Association and Key Management Protocol (ISAKMP) defines the procedures for authenticating a communicating peer, creation and management of Security Associations, key generation techniques, and threat mitigation (e.g. denial of service and replay attacks). All of these are necessary to establish and maintain secure communications (via IP Security Service or any other security protocol) in an Internet environment."
02-05-2009 12:06 PM
I'm sorry, I should clarify. I am talking specifically about when you use a preshared key. Is this preshared key used for encryption/decryption as well as authentication of the remote device?
02-05-2009 12:10 PM
As far as I know, the pre-shared key is used to establish phase 2 and is thus solely used for authentication.
02-05-2009 02:14 PM
Joshua
The pre-shared key is NOT used for encryption of any data traffic in the site-to-site VPN. It is used for authentication and to help negotiate the keys that are used for data traffic encryption.
HTH
Rick
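The role of the pre-shared key discussed in this thread can be traced through the IKEv1 key derivation in RFC 2409 (pre-shared key authentication). The following is an added example, not part of the original posts; HMAC-SHA1 as the negotiated prf is an assumption, and the PSK, nonces, cookies, DH secret and SPI are constructed values.

```python
import hashlib
import hmac

def prf(key: bytes, data: bytes) -> bytes:
    # Assumption: SHA-1 was negotiated, so the IKE prf is HMAC-SHA1.
    return hmac.new(key, data, hashlib.sha1).digest()

def ikev1_psk_keys(psk, ni, nr, g_xy, cky_i, cky_r):
    """RFC 2409 section 5 derivation for pre-shared-key authentication."""
    skeyid = prf(psk, ni + nr)              # the only step that uses the PSK
    tail = g_xy + cky_i + cky_r             # DH secret and both cookies
    skeyid_d = prf(skeyid, tail + b"\x00")  # seed for phase 2 keys
    skeyid_a = prf(skeyid, skeyid_d + tail + b"\x01")  # ISAKMP integrity
    skeyid_e = prf(skeyid, skeyid_a + tail + b"\x02")  # ISAKMP encryption
    return {"SKEYID": skeyid, "SKEYID_d": skeyid_d,
            "SKEYID_a": skeyid_a, "SKEYID_e": skeyid_e}

def ipsec_keymat(skeyid_d, protocol, spi, ni2, nr2, length):
    """Quick mode KEYMAT without PFS, expanded as K1 | K2 | ... to length."""
    seed = bytes([protocol]) + spi + ni2 + nr2
    out, block = b"", b""
    while len(out) < length:
        block = prf(skeyid_d, block + seed)
        out += block
    return out[:length]

# Constructed sample inputs (not from a real exchange).
SAMPLE = dict(ni=b"\x11" * 16, nr=b"\x22" * 16, g_xy=b"\x33" * 128,
              cky_i=b"\xaa" * 8, cky_r=b"\xbb" * 8)

if __name__ == "__main__":
    keys = ikev1_psk_keys(b"constructed-psk", **SAMPLE)
    for name, value in keys.items():
        print(f"{name:9s} {value.hex()}")
    # ESP is protocol 3 in the IPsec DOI; SPI and quick mode nonces are constructed.
    esp = ipsec_keymat(keys["SKEYID_d"], 3, b"\x00\x00\x10\x01",
                       b"\x44" * 16, b"\x55" * 16, 36)
    print("ESP KEYMAT", esp.hex())
```

The PSK enters only at SKEYID; the data traffic keys are cut from KEYMAT, which depends on the PSK indirectly through SKEYID_d.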