Internet Key Exchange (IKE)!

(image courtesy- iheart.com)

Grey Hat Developer

2 May 2019

Today I’m going to drop some jewels about IKE, but not like, Ike and Turner. Although I personally think Ike was cool, that’s not the Ike that I’m talking about. The IKE I’m talking about is the Internet Key Exchange. Specifically, IKE Security Associations (SAs), which is another thing, peeps, that you will see on your CCNA Security exam.

IPsec uses the IKE protocol to negotiate and establish secured site-to-site or remote-access VPN tunnels. IKE is a framework provided by the Internet Security Association and Key Management Protocol, aka ISAKMP, together with two other key management protocols, namely Oakley and the Secure Key Exchange Mechanism (SKEME).


“Dream..Sometimes you got to close your eyes and really envision that shit, bro. If you like it, then it’s beautiful. If you don’t? Then you might as well fade the fuck out right now”(“eps2.2_init_1asec”)

Now, a command that you’ll want to be familiar with is show crypto isakmp sa. What this command does is display the status of the current IKE SAs on a router. IKE operates in two phases. IKE phase 1 consists of two modes: main mode and aggressive mode. The following states are used during main mode:

  • MM_NO_STATE – The peers have created the SA.
  • MM_SA_SETUP – The peers have negotiated SA parameters.
  • MM_KEY_EXCH – The peers have exchanged Diffie-Hellman (DH) keys and have generated a shared secret.
  • MM_KEY_AUTH – The peers have authenticated the SA.

The following three states are used during aggressive mode:

  • AG_NO_STATE – The peers have created the SA.
  • AG_INIT_EXCH – The peers have negotiated SA parameters and exchanged keys.
  • AG_AUTH – The peers have authenticated the SA.

The only mode used during IKE phase 2 is called Quick Mode. The only state in quick mode is QM_IDLE. What this indicates is that IKE phase 1 has completed successfully and that there is an active IKE SA between the peers.
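To make the state list above something you can actually use on the job, here is an added example (my own, not from Cisco and not from the original post) that parses the table printed by show crypto isakmp sa, maps each state back to the phase and mode described above, and flags any SA that has not reached QM_IDLE. The sample output is constructed to match the column layout that IOS prints; the peer addresses and conn-ids are made up.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Meaning of each state, keyed by the name that "show crypto isakmp sa" prints.
# (phase, mode, description) taken from the state lists in the post.
STATES = {
    "MM_NO_STATE":  ("phase 1", "main", "The peers have created the SA."),
    "MM_SA_SETUP":  ("phase 1", "main", "The peers have negotiated SA parameters."),
    "MM_KEY_EXCH":  ("phase 1", "main", "The peers have exchanged DH keys and generated a shared secret."),
    "MM_KEY_AUTH":  ("phase 1", "main", "The peers have authenticated the SA."),
    "AG_NO_STATE":  ("phase 1", "aggressive", "The peers have created the SA."),
    "AG_INIT_EXCH": ("phase 1", "aggressive", "The peers have negotiated SA parameters and exchanged keys."),
    "AG_AUTH":      ("phase 1", "aggressive", "The peers have authenticated the SA."),
    "QM_IDLE":      ("phase 2", "quick", "Phase 1 completed; an active IKE SA exists between the peers."),
}

# Constructed sample of the IOS table layout (addresses and conn-ids are invented).
SAMPLE_OUTPUT = """\
IPv4 Crypto ISAKMP SA
dst             src             state          conn-id status
10.0.0.2        10.0.0.1        QM_IDLE           1001 ACTIVE
10.0.1.2        10.0.1.1        MM_NO_STATE       1002 ACTIVE (deleted)
10.0.2.2        10.0.2.1        AG_INIT_EXCH      1003 ACTIVE

IPv6 Crypto ISAKMP SA

"""


@dataclass
class IsakmpSa:
    dst: str
    src: str
    state: str
    conn_id: int
    status: str


# One SA row: dst, src, state, conn-id, status (status may carry a "(deleted)" suffix).
ROW_RE = re.compile(
    r"^(?P<dst>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"(?P<state>[A-Z_]+)\s+"
    r"(?P<conn_id>\d+)\s+"
    r"(?P<status>.+?)\s*$"
)


def parse_isakmp_sa(output: str) -> List[IsakmpSa]:
    """Return one IsakmpSa per table row; header and section lines are skipped."""
    sas = []
    for line in output.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            sas.append(IsakmpSa(m["dst"], m["src"], m["state"],
                                int(m["conn_id"]), m["status"]))
    return sas


def classify(state: str) -> Tuple[str, str, str]:
    """Map a state name to (phase, mode, description) using the post's lists."""
    return STATES.get(state, ("unknown", "unknown", "State not in the post's list."))


def describe(sa: IsakmpSa) -> str:
    phase, mode, meaning = classify(sa.state)
    return (f"{sa.src} -> {sa.dst} conn-id {sa.conn_id} [{sa.status}]: "
            f"{sa.state} ({phase}, {mode} mode) - {meaning}")


def not_established(sas: List[IsakmpSa]) -> List[IsakmpSa]:
    """SAs that have not reached QM_IDLE, i.e. phase 1 is still in progress
    (or has stalled). These are the rows to start troubleshooting from."""
    return [sa for sa in sas if sa.state != "QM_IDLE"]


if __name__ == "__main__":
    entries = parse_isakmp_sa(SAMPLE_OUTPUT)
    for sa in entries:
        print(describe(sa))
    print("Not yet established:", [sa.conn_id for sa in not_established(entries)])
```

A peer that keeps showing MM_NO_STATE is a useful signal: the SA was created but the exchange never progressed, which usually means the other side is not answering or the two ends disagree on policy. Run the script against real output pasted from the router and the non-QM_IDLE rows tell you where to look first.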

I realize this doesn’t seem like it could be high-powered information, but trust me on this one, these are jewels that you’ll want to lock down. And with that note, I’m in the vapors. In the meantime and in between time, feel free to hit me up with any questions or anything specific to the CCNA Security exam that you’d like me to wax poetic about. Peace….

Hack On, Ladies and Gentz!
