Internet Security Association and Key Management Protocol

An Internet IPsec protocol [R2408] to negotiate, establish, modify, and delete security associations, and to exchange key generation and authentication data, independent of the details of any specific key generation technique, key establishment protocol, encryption algorithm, or authentication mechanism. Tutorial: ISAKMP supports negotiation of security associations for protocols at all IPS layers. By centralizing management of security associations, ISAKMP reduces duplicated functionality within each protocol. ISAKMP can also reduce connection setup time, by negotiating a whole stack of services at once. Strong authentication is required on ISAKMP exchanges, and a digital signature algorithm based on asymmetric cryptography is used within ISAKMP's authentication component. ISAKMP negotiations are conducted in two "phases": "Phase 1 negotiation". A phase 1 negotiation establishes a security association to be used by ISAKMP to protect its own protocol operations. "Phase 2 negotiation". A phase 2 negotiation (which is protected by a security association that was established by a phase 1 negotiation) establishes a security association to be used to protect the operations of a protocol other than ISAKMP, such as ESP.