Internet Security Association and Key Management Protocol

Internet Security Association and Key Management Protocol (ISAKMP) is a protocol for establishing Security Associations (SAs) and exchanging cryptographic keys on the Internet. The protocol was originally defined in RFC 2408 and was later integrated into the Internet Key Exchange protocol (IKEv2) defined in RFC 4306.

Overview

ISAKMP defines procedures for authenticating communication partners, creating and managing Security Associations, generating keys, and mitigating possible attacks (e.g., denial-of-service or replay attacks). IKE is usually used for key exchange, but other methods are also possible.

The protocol defines procedures and packet formats to establish, negotiate, modify and delete Security Associations. SAs contain the information required to run various security services at the network layer (such as ESP or AH), the transport layer, or the application layer.
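As an added illustration (not part of the original article), the following Python example decodes the 28-byte fixed header that RFC 2408 places at the start of every ISAKMP message and rejects malformed datagrams before any SA state would be created. The function name, the keys of the returned dictionary and the sample datagram are constructed for this example.

```python
import struct

# RFC 2408 fixed header: two 8-byte cookies, next payload, version,
# exchange type, flags, message ID, total length (network byte order).
HEADER = struct.Struct("!8s8sBBBBII")
EXCHANGE_TYPES = {0: "None", 1: "Base", 2: "Identity Protection",
                  3: "Authentication Only", 4: "Aggressive", 5: "Informational"}
FLAG_BITS = {0x01: "Encryption", 0x02: "Commit", 0x04: "Authentication Only"}


def parse_isakmp_header(datagram: bytes) -> dict:
    """Decode the fixed header; raise ValueError on a malformed datagram."""
    if len(datagram) < HEADER.size:
        raise ValueError("shorter than the 28-byte ISAKMP header")
    (i_cookie, r_cookie, next_payload, version,
     exchange, flags, message_id, length) = HEADER.unpack_from(datagram)
    if i_cookie == bytes(8):
        raise ValueError("initiator cookie must not be all zero")
    if length != len(datagram):
        # Length covers header plus payloads; a mismatch means truncation or padding.
        raise ValueError(f"length field {length} != datagram size {len(datagram)}")
    return {
        "initiator_cookie": i_cookie.hex(),
        "responder_cookie": r_cookie.hex(),
        "first_message": r_cookie == bytes(8),  # responder has not answered yet
        "next_payload": next_payload,
        "version": (version >> 4, version & 0x0F),  # (major, minor)
        "exchange_type": EXCHANGE_TYPES.get(exchange, f"other ({exchange})"),
        "flags": [name for bit, name in FLAG_BITS.items() if flags & bit],
        "message_id": message_id,
        "length": length,
    }


# Constructed sample: first message of an Identity Protection exchange,
# header followed by 8 filler bytes standing in for the payloads.
SAMPLE = HEADER.pack(bytes.fromhex("0102030405060708"), bytes(8),
                     1, 0x10, 2, 0, 0, 36) + bytes(8)

if __name__ == "__main__":
    print(parse_isakmp_header(SAMPLE))
```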

Implementation

On Microsoft Windows, the IPsec services perform the function of ISAKMP.

The KAME project implements ISAKMP for BSD and Linux.
