• United States
Executive Editor

Latest IPSec standard is easier to configure

Jan 12, 20062 mins
Network SecurityNetworkingVPN

* IKEv2 is simpler and should make IPSec VPNs more attractive to smaller businesses

There is a new set of standards for Internet Key Exchange, which is a key component of IPSec.

IKE is a collection of standards that authenticate devices at either end of VPN tunnels, picks encryption and authentication algorithms for each session, and generates and manages encryption keys.

The new set of standards, IKEv2 requires less back and forth chatter between the devices and because IKEv2 is less complex, it is considered less vulnerable to attack.

The key practical benefit is that because it is simpler, it will be easier to configure and deploy, making IPSec VPNs more attractive to smaller businesses that don’t have the technical expertise to properly deploy the original IKE technology.

This is also good news for interoperability. Because the protocol is simpler, IKEv2 can make it easier to establish tunnels between VPN equipment made by different vendors. So VPNs among business partners, suppliers and customers are easier to set up.

Paul Hoffman, the director of the VPN Consortium, says this simplification could rejuvenate the IPSec remote access market in large corporations, where the large number of IPSec clients tended to be daunting. Also, IPSec may become more attractive as businesses install more devices that alter the IP addresses of traffic, he says, because IPSec has features to successfully cross the network address translation devices.

The new standards can be viewed at the VPN Consortium Web site or by searching for them at the Internet Engineering Task Force site. The standards are called RFC 4301, 4302, 4303, 4304, 4305, 4306,4307, 4308 and 4309.