IKE (Internet Key Exchange) is an optional, but widely used, component of IPsec.
IKE provides a method of negotiating and generating the keys and IDs required by IPsec. When IKE is used, only a single key
has to be provided during configuration. IKE also supports using Certificates to authenticate the identity of
the remote user or gateway.
If IKE is not used, all keys and IDs (SPIs) must be entered manually and Certificates can't be used. This is called a
"Manual Key Exchange".
Example: Configuring an IPSec LAN-to-LAN VPN Connection
Network Configuration and Security Plan

| | Branch Office | Head Office |
|---|---|---|
| Local Network ID | 192.168.0.0/24 | 192.168.1.0/24 |
| Local Router IP | 69.1.121.30 | 69.1.121.3 |
| Remote Network ID | 192.168.1.0/24 | 192.168.0.0/24 |
| Remote Router IP | 69.1.121.3 | 69.1.121.30 |
| IKE Pre-shared Key | 12345678 | 12345678 |
| VPN Connection Type | Tunnel mode | Tunnel mode |
| Security Algorithm | ESP:MD5 with AES | ESP:MD5 with AES |

For a LAN-to-LAN application, the two office LAN networks must be in different subnets.
The Pre-shared Key, VPN Connection Type and Security Algorithm must be set identically on both sides.
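
The plan above only works if each side's settings mirror the other's, so it is worth checking both before entering them. The following Python check is an added example, not part of the original manual or the router's software; the dictionary field names, the function name check_tunnel_plan and the 16-character key threshold are assumptions made for illustration, and the values are copied from the table.

```python
import ipaddress

# Values copied from the "Network Configuration and Security Plan" table.
BRANCH = {
    "local_net": "192.168.0.0/24", "local_ip": "69.1.121.30",
    "remote_net": "192.168.1.0/24", "remote_ip": "69.1.121.3",
    "psk": "12345678", "mode": "tunnel", "algorithm": "ESP:MD5 with AES",
}
HEAD = {
    "local_net": "192.168.1.0/24", "local_ip": "69.1.121.3",
    "remote_net": "192.168.0.0/24", "remote_ip": "69.1.121.30",
    "psk": "12345678", "mode": "tunnel", "algorithm": "ESP:MD5 with AES",
}

def check_tunnel_plan(a, b):
    """Return a list of problems found in two peers' LAN-to-LAN settings."""
    problems = []
    net_a = ipaddress.ip_network(a["local_net"])
    net_b = ipaddress.ip_network(b["local_net"])
    # The two office LANs must be in different subnets. Overlapping ranges
    # (not only identical ones) are rejected as well.
    if net_a.overlaps(net_b):
        problems.append(f"local networks overlap: {net_a} and {net_b}")
    # Each side's "remote" values must be the other side's "local" values.
    for side, other, name in ((a, b, "first"), (b, a, "second")):
        if ipaddress.ip_network(side["remote_net"]) != ipaddress.ip_network(other["local_net"]):
            problems.append(f"{name} peer: remote network is not the other side's local network")
        if ipaddress.ip_address(side["remote_ip"]) != ipaddress.ip_address(other["local_ip"]):
            problems.append(f"{name} peer: remote router IP is not the other side's local router IP")
    # Pre-shared key, connection type and algorithm must be identical.
    for key in ("psk", "mode", "algorithm"):
        if a[key] != b[key]:
            problems.append(f"{key} differs between peers")
    # Added check, not a rule from the manual: flag keys that are short or
    # digits-only, such as the sample value in the table (threshold assumed).
    for psk in sorted({a["psk"], b["psk"]}):
        if len(psk) < 16 or psk.isdigit():
            problems.append("pre-shared key is short or digits-only; replace the sample value")
    return problems
```

Run against the table as printed, the only finding is the sample pre-shared key; the mirrored addresses and matching algorithm settings pass.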
Example: Configuring an IPSec Host-to-LAN VPN Connection