What is IKEv2 Protocol?

Thursday, June 5th, 2014

The Internet Key Exchange (IKE) protocol is a component of Internet Protocol Security (IPsec) and it is used for setting up security associations and performing authentication. The protocol offers better authentication and stability even during network hopping. Although the IKE protocol has been around for some time, it is not as popular as PPTP, L2TP or OpenVPN protocols. This article will discuss the key features associated with the IKEv2 protocol.

History – The first version of IKE was proposed in 1998 as a part of RFC 2407, RFC 2408 and RFC 2409. The original version of IKE could be interpreted in different ways, which often led to implementation issues. To fix this, a second version of IKE (IKEv2) was proposed in 2005 that standardized the implementation and offered several security benefits over the first version.

System Support – IKE is available as a part of IPsec in Windows XP, Windows 2000, Windows Vista, Windows Server 2003 and Windows Server 2008. IKEv2 is available for Microsoft Windows 7 and Windows Server 2008 R2. Several open source implementations of IKE have also been released for Linux, OpenBSD and other operating systems. The IKE implementation for Windows was jointly developed by Cisco and Microsoft, whereas other implementations were created by technology companies and academic institutions.

Encryption – IKEv2 offers support for AES 128, AES 192, AES 256 and 3DES encryption algorithms. Since the protocol itself is a part of the IPsec protocol, the processing of data packets as well as encryption/decryption is handled by IPsec. IKE is used to generate negotiation keys, which are then passed to the IPsec stack for further action.

Configuration – Configuring IKEv2 on a server is somewhat complicated due to challenges associated with the interpretation of the protocol. However, the client-side implementation is fairly simple and doesn’t require advanced technical knowledge.

Speed – IKEv2 is able to deliver better speeds than the PPTP, SSTP and L2TP protocols since it doesn’t involve the overhead associated with the Point-to-Point Protocol (PPP). IKEv2 is very similar to IPsec in performance, but some implementations do include an additional layer to support NAT traversal.

Port – IKEv2 routes data via UDP through port 500. This port is also used by PPTP and L2TP implementations and is easier to block than the ports used by SSL-based protocols (OpenVPN and SSTP).
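The following is an added example, not part of the original article: a small classifier a network defender could run over UDP payloads to tell IKEv1 from IKEv2 on port 500 and to recognise the NAT traversal layer. The 28-byte header layout, the version nibble, UDP port 4500 with its four-zero-byte non-ESP marker and the one-byte keepalive are taken from RFC 7296 and RFC 3948 rather than from this page; the function names and sample bytes are constructed for illustration.

```python
import struct

IKE_HEADER = struct.Struct("!8s8sBBBBII")  # 28-byte fixed header (RFC 7296, section 3.1)
NON_ESP_MARKER = b"\x00\x00\x00\x00"       # prefixes IKE messages on UDP 4500 (NAT traversal)
EXCHANGES = {34: "IKE_SA_INIT", 35: "IKE_AUTH", 36: "CREATE_CHILD_SA", 37: "INFORMATIONAL"}


def classify_ike(udp_payload: bytes, dst_port: int = 500) -> dict:
    """Parse the fixed IKE header of one UDP payload and report its version."""
    data = udp_payload
    if dst_port == 4500:
        if data == b"\xff":
            return {"kind": "nat-keepalive"}   # RFC 3948 keepalive, carries no IKE data
        if data[:4] != NON_ESP_MARKER:
            return {"kind": "esp-in-udp"}      # non-zero SPI first: ESP traffic, not IKE
        data = data[4:]
    if len(data) < IKE_HEADER.size:
        return {"kind": "truncated"}
    init_spi, _resp_spi, _next_payload, version, exch, flags, msg_id, length = \
        IKE_HEADER.unpack_from(data)
    major = version >> 4                       # high nibble: 1 = IKEv1, 2 = IKEv2
    if major not in (1, 2):
        return {"kind": "not-ike"}
    if length != len(data):                    # one IKE message per UDP datagram
        return {"kind": "length-mismatch", "declared": length, "actual": len(data)}
    info = {"kind": f"IKEv{major}", "exchange": exch, "initiator_spi": init_spi.hex()}
    if major == 2:                             # these flag bits are defined for IKEv2 only
        info.update(exchange=EXCHANGES.get(exch, exch),
                    initiator=bool(flags & 0x08), response=bool(flags & 0x20),
                    message_id=msg_id)
    return info


def build_sample(major: int, exch: int, flags: int, body: bytes = b"") -> bytes:
    """Constructed sample message (header plus opaque body), not a captured packet."""
    return IKE_HEADER.pack(bytes(range(1, 9)), bytes(8), 33, major << 4, exch, flags,
                           0, IKE_HEADER.size + len(body)) + body


if __name__ == "__main__":
    v2_init = build_sample(2, 34, 0x08, b"\x00" * 12)
    print(classify_ike(v2_init))
    print(classify_ike(NON_ESP_MARKER + v2_init, dst_port=4500))
    print(classify_ike(build_sample(1, 2, 0x00)))
```

Counting the `kind` values per peer shows which hosts still negotiate IKEv1 and which have moved to the NAT traversal port.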

Stability – IKEv2 is highly stable even when network changes are involved. The protocol is well suited to VPN implementations that require a lot of network changes (switching from one Wi-Fi hotspot to another or from wired to wireless connections). The protocol even provides support for MOBIKE, so it is a good choice for mobile users who need to move across different networks on a daily basis.

Security Issues – There are no significant security challenges associated with the IKEv2 protocol.

Conclusion – The IKEv2 protocol boasts strong authentication, stability, encryption and data integrity features. However, the protocol is not yet compatible with many operating systems and, in addition, there are multiple implementation issues associated with it. Overall, the protocol offers a good choice for VPN networks where network stability is of utmost importance.
