Internet Key Exchange features

The following are features that are available with Internet Key Exchange for AIX®.

The following additional features are available with Internet Key Exchange for AIX 6.1, or later:

• AH support for HMAC SHA2 256-bit hash (TL 04, or later).
• ESP encryption support GCM AES 128-bit, 192-bit, 256-bit with (16 bit IV), GMAC AES 128-bit, 192-bit, 256-bit algorithms; ESP authentication support with HMAC MD5 and HMAC SHA1 (TL 04, or later).
• IKEv1 (RFC2409) and IKEv2 (RFC4306) are supported (TL 02, or later). IKEv1 is supported by the isakmpd daemon and IKEv2 is supported by the ikev2d daemon (TL 02, or later). The IKEv1 and IKEv2 tunnels can co-exist.
• Support for integrity algorithms CMAC_AES_XCBC and HMAC_SHA2_256 (TL 04, or later).
• Support for PRF algorithm PRF_SHA2_256 (TL 04, or later).
• Support for Diffie Hellman groups 14, 19 and 24 (TL 04, or later).