IKE Authentication (Windows Embedded CE 6.0)
1/6/2010
The Windows Embedded CE implementation of IPSec supports the IPSec Internet Key Exchange (IKE) protocol. IKE is used to enhance security for virtual private network (VPN) negotiation and remote host or network access.
Specified in IETF Request for Comments (RFC) 2409, IKE defines an automatic means of negotiation and authentication for IPSec security associations (SA). Security associations are security policies defined for communication between two or more entities; the relationship between the entities is represented by a key.
The IKE protocol enhances security for SA communication without the preconfiguration that would otherwise be required.
IKE Modes
IPSec v4 supports the following IKE modes:
- Main Mode Security Association
- Quick Mode Security Association
- Informational exchanges
IKE Encryption Algorithms
IPSec supports the following IKE encryption algorithms:
- DES
- 3DES
IKE Authentication Algorithms
IPSec supports the following IKE authentication algorithms:
- MD5
- SHA-1
IKE Authentication Methods
IPSec supports the following IKE authentication methods:
- Preshared key
- User certificates
IKE Diffie Hellman Groups
The following list shows the Diffie-Hellman (DH) groups that IPSec supports:
- Group 1 (DH 768)
- Group 2 (DH 1024)
- Group 14 (DH 2048)
Group 5 (DH 1536) is not supported in Windows Embedded CE.