Many organizations use Virtual Private Networks (VPNs) to connect users and remote sites securely to their corporate network. VPNs over Internet Protocol (IP) networks often use the IP security (IPsec) protocol suite, which provides a set of cryptographically-based security services. The IPsec architecture is described by Kent and Atkinson in “Security Architecture for the Internet Protocol,” published as Request for Comments 2401 by the Internet Engineering Task Force (IETF RFC 2401), November 1998, which is incorporated herein by reference.
Internet key exchange (IKE) is a sub-protocol of IPsec that authenticates each peer in an IPsec transaction, negotiates security policy and handles the exchange of encryption keys. IKE is described by Harkins and Carrel in “The Internet Key Exchange,” IETF RFC 2409, November 1998, which is incorporated herein by reference.
The Internet Security Association and Key Management Protocol (ISAKMP) is a protocol that is part of IKE. ISAKMP defines procedures and packet formats for establishing, negotiating, modifying and deleting security associations (SAs) between peers. ISAKMP is defined by Maughan et al. in “Internet Security Association and Key Management Protocol (ISAKMP),” IETF RFC 2408, November 1998, which is incorporated herein by reference.
The present invention will be more fully understood from the following detailed description of the embodiments thereof, taken together with the drawings in which: