RSA encrypted nonces—Use Rivest-Shamir-Adleman (RSA) encryption to encrypt a
nonce value (a random number generated by the peer) and other values. The Security
Appliance does not support this authentication type.

Having completed the phase 1 negotiation, IKE provides a secure channel for the completion
of phase 2. The phase 2 exchange occurs only after the IKE SA negotiation is complete. It is
used to derive keying material and negotiate policies for non-ISAKMP SAs (such as the IPSec
SA). IKE performs the following functions and provides the following benefits:
■ It automatically negotiates the security parameters for SAs between peers, removing the
requirement of manually configuring each peer.
■ It provides the capability to configure an SA’s lifetime.
■ It allows the encryption key to change dynamically while the IPSec session is open.
■ It provides antireplay (hijacking) protection to IPSec services.
■ It provides dynamic authentication of SA peers.
■ It provides support for certification authorities.
■ It allows for the scalable implementation of IPSec.
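
The phase 2 key derivation and the dynamic key change listed above, as an added example that is not part of the original text: it goes beyond the text by implementing the IKEv1 KEYMAT formula from RFC 2409 section 5.5 with HMAC-SHA1 as the prf. The function names, SPIs, nonces and SKEYID_d value are constructed for illustration, and the 3DES and HMAC-SHA1 key sizes are an assumed transform set.

```python
import hashlib
import hmac

PROTO_ESP = 3  # IPsec DOI protocol identifier for ESP

def quick_mode_keymat(skeyid_d, protocol, spi, ni_b, nr_b, length,
                      dh_secret=b"", hash_name="sha1"):
    """KEYMAT per RFC 2409 sec. 5.5; dh_secret is g(qm)^xy when PFS is used."""
    seed = dh_secret + bytes([protocol]) + spi + ni_b + nr_b
    keymat, block = b"", b""
    while len(keymat) < length:
        # K1 = prf(SKEYID_d, seed), Kn = prf(SKEYID_d, K(n-1) | seed)
        block = hmac.new(skeyid_d, block + seed, hash_name).digest()
        keymat += block
    return keymat[:length]

def split_esp_keys(keymat, enc_len=24, auth_len=20):
    """Cipher key comes from the first bytes, integrity key from the rest."""
    if len(keymat) < enc_len + auth_len:
        raise ValueError("not enough keying material")
    return keymat[:enc_len], keymat[enc_len:enc_len + auth_len]

def demo():
    # All inputs are constructed sample values, not captured traffic.
    # Real nonces are random; fixed bytes keep the output reproducible.
    skeyid_d = hashlib.sha1(b"constructed phase 1 SKEYID_d").digest()
    spi_in, spi_out = bytes.fromhex("1000a001"), bytes.fromhex("2000b002")
    ni1, nr1 = b"\x11" * 16, b"\x22" * 16   # nonces of the first quick mode
    ni2, nr2 = b"\x33" * 16, b"\x44" * 16   # nonces of the rekey quick mode
    need = 24 + 20                          # 3DES key + HMAC-SHA1 key
    return {
        # Each direction has its own SPI, so each SA gets its own keys.
        "inbound": quick_mode_keymat(skeyid_d, PROTO_ESP, spi_in, ni1, nr1, need),
        "outbound": quick_mode_keymat(skeyid_d, PROTO_ESP, spi_out, ni1, nr1, need),
        # A new quick mode under the same IKE SA yields fresh keys.
        "rekeyed": quick_mode_keymat(skeyid_d, PROTO_ESP, spi_in, ni2, nr2, need),
    }

if __name__ == "__main__":
    for name, km in demo().items():
        enc, auth = split_esp_keys(km)
        print(f"{name:8} enc={enc.hex()} auth={auth.hex()}")
```

Without PFS every phase 2 key still depends on SKEYID_d from phase 1; passing a fresh `dh_secret` for each quick mode removes that dependency.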