Internet Key Exchange features

The following are features that are available with Internet Key Exchange for AIX.

  • Starting with AIX® 7.3, Technology Level 3, the Internet Key Exchange has Authentication Header (AH) support for HMAC SHA2 256-bit hash and HMAC SHA2 512-bit hash.
  • Starting with AIX 7.3, Technology Level 3, the Encapsulating Security Payload (ESP) encryption supports the following algorithms:
    • GCM AES 128-bit
    • GCM AES 192-bit
    • GCM AES 256-bit with (16-bit IV)
    • GMAC AES 128-bit
    • GMAC AES 192-bit
    • GMAC AES 256-bit
  • Starting with AIX 7.3, Technology Level 3, the ESP authentication supports HMAC MD5, HMAC SHA1, and HMAC SHA2 512-bit hash for Internet Protocol Security (IPsec). The ESP authentication supports HMAC SHA2 512-bit hash only for the Internet Key Exchange Version 2 (IKEv2) protocol.
  • Starting with AIX 6.1, Technology Level 2, the IKEv1 (RFC 2409) and IKEv2 (RFC 4306) protocols are supported. The isakmpd daemon supports the IKEv1 protocol and the ikev2d daemon supports the IKEv2 protocol. The IKEv1 and IKEv2 protocol tunnels can coexist.
  • Starting with AIX 7.3, Technology Level 3, the integrity algorithms CMAC_AES_XCBC, HMAC_SHA2_256, and HMAC_SHA2_512 are supported for IPsec. The integrity algorithm HMAC_SHA2_512 is supported only for the IKEv2 protocol.
  • Starting with AIX 7.3, Technology Level 3, the Pseudo-Random Function (PRF) algorithms PRF_SHA2_256 and PRF_SHA2_512 are supported for IPsec. The PRF algorithm PRF_SHA2_512 is supported only for the IKEv2 protocol.
  • Starting with AIX 6.1, Technology Level 4, Diffie-Hellman (DH) groups 14, 19, and 24 are supported.
  • Starting with AIX 7.3, Technology Level 3, DH groups 20 and 21 are also supported, along with DH groups 14, 19, and 24, for the IKEv2 protocol.