IKEv2 (Internet Key Exchange version 2)

What is IKEv2

The Internet Engineering Task Force introduced the Internet Key Exchange back in November 1998. They updated it in 2010 to what is now known as Internet Key Exchange version 2 (IKEv2). Some further updates were made in 2010. Internet Key Exchange version 2 is a computing protocol that sets up SA (security association) in the IPsec (Internet Protocol Security) protocol suite. The protocol was conceived as an extension of the Oakley Protocol and ISAKMP. The basis of the authentication process under IKEv2 is the X.509 certificate. The X.509 can be either shared between the two communicating users previously, or it can be transferred via DNSSEC. Another authentication certificate that is heavily used by the IKEv2 protocol is the Diffie-Hellman key exchange.

How does the IKEv2 exchange work

The exchange sets up a shared session secreted, and as a result, drives crypto keys that are used to keep the information being transferred a secret from potentially malicious third parties. The IKEv2 uses a number of features that address issues with the previous version. For instance, it implements few cryptographic mechanisms compared to the previous version, as well as other protocols. It has a simple message exchange and of course, the Standard Mobility support that enables mobility and multihoming for both IKEv2 and ESP (Encapsulating Security Payload).