101 IKE CONFIGURATIONWhen configuring IKE, go to these sections for information you are interested in:■ “IKE Overview” on page 1901■ “IKE Configuration Task List” on page 1903■ “Displaying and Maintaining IKE” on page 1908■ “IKE Configuration Example” on page 1909■ “Troubleshooting IKE” on page 1916IKE Overview Built on a framework defined by internet security association and keymanagement protocol (ISAKMP), internet key exchange (IKE) provides automatickey negotiation, key exchange and SA establishment services for IPSec, simplifyingthe application, management, configuration and maintenance of IPSecdramatically.Instead of transmitting keys directly across a network, IKE calculates shared keysafter exchanging a series of data. This disables a third party from decrypting thekeys even if the third party captured all exchanged data that is used to calculatethe keys.The section covers these topics:■ “Security Mechanisms of IKE” on page 1901■ “Operation of IKE” on page 1902■ “Function of IKE” on page 1903■ “Relationship between IKE and IPSec” on page 1903Security Mechanisms ofIKEIKE has a series of self-protection mechanisms and supports secure identityauthentication, key distribution, and IPSec SA establishment on unsecurednetworks.Data authenticationData authentication involves two concepts:■ Identity authentication: Mutual identity authentication between peers. Twoauthentication methods are available: pre-shared-key authentication andPKI-based digital signature authentication (RSA signature).■ Identity protection: Protecting identity information by using the generated keysto encrypt it before transmitting.