IKE.CONFIG(4) File Formats and Configurations IKE.CONFIG(4) NNAAMMEE ike.config - configuration file for IKE policy SSYYNNOOPPSSIISS //eettcc//iinneett//iikkee//ccoonnffiigg DDEESSCCRRIIPPTTIIOONN The //eettcc//iinneett//iikkee//ccoonnffiigg file contains rules for matching inbound IKE requests. It also contains rules for preparing outbound IIKKEE requests. You can test the syntactic correctness of an //eettcc//iinneett//iikkee//ccoonnffiigg file by using the --cc or --ff options of iinn..iikkeedd(1M). You must use the --cc option to test a ccoonnffiigg file. You might need to use the --ff option if it is not in //eettcc//iinneett//iikkee//ccoonnffiigg. LLeexxiiccaall CCoommppoonneennttss On any line, an unquoted ## character introduces a comment. The remainder of that line is ignored. Additionally, on any line, an unquoted //// sequence introduces a comment. The remainder of that line is ignored. There are several types of lexical tokens in the iikkee..ccoonnffiigg file: _n_u_m A decimal, hex, or octal number representation is as in 'C'. _I_P_a_d_d_r/_p_r_e_f_i_x/_r_a_n_g_e An IPv4 or IPv6 address with an optional /_N_N_N suffix, (where _N_N_N is a _n_u_m) that indicates an address (CCIIDDRR) prefix (for example, 1100..11..22..00//2244). An optional /_A_D_D_R suffix (where _A_D_D_R is a second IP address) indicates an address/mask pair (for example, 1100..11..22..00//225555..225555..225555..00). An optional -_A_D_D_R suffix (where _A_D_D_R is a second IPv4 address) indicates an inclusive range of addresses (for example, 1100..11..22..00--1100..11..22..225555). The // or -- can be surrounded by an arbitrary amount of white space. XXXXXX | YYYYYY | ZZZZZZ Either the words XXXXX, YYYYYY, or ZZZZZZ, for example, {yes,no}. pp11--iidd--ttyyppee An IKE phase 1 identity type. IKE phase 1 identity types include: ddnn,, DDNN ddnnss,, DDNNSS ffqqddnn,, FFQQDDNN ggnn,, GGNN iipp,, IIPP iippvv44 iippvv44__pprreeffiixx iippvv44__rraannggee iippvv66 iippvv66__pprreeffiixx iippvv66__rraannggee mmbbooxx,, MMBBOOXX uusseerr__ffqqddnn ""_s_t_r_i_n_g"" A quoted string. Examples include:""LLaabbeell ffoooo"", or ""CC==UUSS,, OOUU==SSuunn MMiiccrroossyysstteemmss\\,, IInncc..,, NN==oolleemmccdd@@eenngg..eexxaammppllee..ccoomm"" A backslash (\\) is an escape character. If the string needs an actual backslash, two must be specified. _c_e_r_t_-_s_e_l A certificate selector, a _s_t_r_i_n_g which specifies the identities of zero or more certificates. The specifiers can conform to XX..550099 naming conventions. A _c_e_r_t_-_s_e_l can also use various shortcuts to match either subject alternative names, the filename or sslloott of a certificate in //eettcc//iinneett//iikkee//ppuubblliicckkeeyyss, or even the IISSSSUUEERR. For example: "SLOT=0" "EMAIL=postmaster@domain.org" "webmaster@domain.org" # Some just work w/o TYPE= "IP=10.0.0.1" "10.21.11.11" # Some just work w/o TYPE= "DNS=www.domain.org" "mailhost.domain.org" # Some just work w/o TYPE= "ISSUER=C=US, O=Sun Microsystems\, Inc., CN=Sun CA" Any _c_e_r_t_-_s_e_l preceded by the character !! indicates a negative match, that is, not matching this specifier. These are the same kind of strings used in iikkeecceerrtt(1M). _l_d_a_p_-_l_i_s_t A quoted, comma-separated list of LDAP servers and ports. For example, ""llddaapp11..eexxaammppllee..ccoomm"", ""llddaapp11..eexxaammppllee..ccoomm::338899"", ""llddaapp11..eexxaammppllee..ccoomm::338899,,llddaapp22..eexxaammppllee..ccoomm"". The default port for LDAP is 338899. _p_a_r_a_m_e_t_e_r_-_l_i_s_t A list of parameters. FFiillee BBooddyy EEnnttrriieess There are four main types of entries: o global parameters o IKE phase 1 transform defaults o IKE rule defaults o IKE rules The global parameter entries are as follows: cceerrtt__rroooott _c_e_r_t_-_s_e_l The X.509 distinguished name of a certificate that is a trusted root CA certificate.It must be encoded in a file in the //eettcc//iinneett//iikkee//ppuubblliicckkeeyyss directory. It must have a CRL in //eettcc//iinneett//iikkee//ccrrlls. Multiple cceerrtt__rroooott parameters aggregate. cceerrtt__ttrruusstt _c_e_r_t_-_s_e_l Specifies an X.509 distinguished name of a certificate that is self-signed, or has otherwise been verified as trustworthy for signing IKE exchanges. It must be encoded in a file in //eettcc//iinneett//iikkee//ppuubblliicckkeeyyss. Multiple cceerrtt__ttrruusstt parameters aggregate. eexxppiirree__ttiimmeerr _i_n_t_e_g_e_r The number of seconds to let a not-yet-complete IKE Phase I (Main Mode) negotiation linger before deleting it. Default value: 300 seconds. iiggnnoorree__ccrrllss If this keyword is present in the file, iinn..iikkeedd(1M) ignores Certificate Revocation Lists (CCRRLLs) for root CCAAs (as given in cceerrtt__rroooott) llddaapp__sseerrvveerr _l_d_a_p_-_l_i_s_t A list of LDAP servers to query for certificates. The list can be additive. ppkkccss1111__ppaatthh _s_t_r_i_n_g The string that follows is a name of a shared object (..ssoo) that implements the PKCS#11 standard. The name is passed directly into ddllooppeenn(3C) for linking, with all of the semantics of that library call. By default, iinn..iikkeedd(1M) runs the same ISA as the running kernel, so a library specified using ppkkccss1111__ppaatthh and an absolute pathname mmuusstt match the same ISA as the kernel. One can use the start/exec SMF property (see ssvvccccffgg(1M)) to change iinn..iikkeedd's ISA, but it is not recommended. If this setting is not present, the default value is set to lliibbppkkccss1111..ssoo. Most cryptographic providers go through the default library, and this parameter should only be used if a specialized provider of IKE-useful cryptographic services cannot interface with the Solaris Cryptographic Framework. See ccrryyppttooaaddmm(1M). This option is now deprecated, and may be removed in a future release. rreettrryy__lliimmiitt _i_n_t_e_g_e_r The number of retransmits before any IKE negotiation is aborted. Default value: 5 times. rreettrryy__ttiimmeerr__iinniitt _i_n_t_e_g_e_r or _f_l_o_a_t The initial interval (in seconds) between retransmits. This interval is doubled until the rreettrryy__ttiimmeerr__mmaaxx value (see below) is reached. Default value: 0.5 seconds. rreettrryy__ttiimmeerr__mmaaxx _i_n_t_e_g_e_r or _f_l_o_a_t The maximum interval (in seconds) between retransmits. The doubling retransmit interval stops growing at this limit. Default value: 30 seconds. Note - This value is never reached with the default configuration. The longest interval is 8 (0.5 * 2 ^ (5 - 1)) seconds. pprrooxxyy _s_t_r_i_n_g The string following this keyword must be a URL for an HTTP proxy, for example, hhttttpp::////pprrooxxyy::88008800. ssoocckkss _s_t_r_i_n_g The string following this keyword must be a URL for a SOCKS proxy, for example, ssoocckkss::////ssoocckkss--pprrooxxyy. uussee__hhttttpp If this keyword is present in the file, iinn..iikkeedd(1M) uses HTTP to retrieve Certificate Revocation Lists (CCRRLLs). The following IKE phase 1 transform parameters can be prefigured using file-level defaults. Values specified within any given transform override these defaults. The IKE phase 1 transform defaults are as follows: pp11__lliiffeettiimmee__sseeccss _n_u_m The proposed default lifetime, in seconds, of an IKE phase 1 security association (SSAA). pp11__nnoonnccee__lleenn _n_u_m The length in bytes of the phase 1 (quick mode) nonce data. This cannot be specified on a per-rule basis. The following IKE rule parameters can be prefigured using file-level defaults. Values specified within any given rule override these defaults, unless a rule cannot. pp22__lliiffeettiimmee__sseeccss _n_u_m The proposed default lifetime, in seconds, of an IKE phase 2 security association (SA). This value is optional. If omitted, a default value is used. pp22__ssooffttlliiffee__sseeccss _n_u_m The soft lifetime of a phase 2 SA, in seconds. If this value is specified, the SA soft expires after the number of seconds specified by pp22__ssooffttlliiffee__sseeccss. This causes iinn..iikkeedd to renegotiate a new phase 2 SA before the original SA expires. This value is optional, if omitted soft expiry occurs after 90% of the lifetime specified by pp22__lliiffeettiimmee__sseeccss. The value specified by pp22__ssooffttlliiffee__sseeccss is ignored if pp22__lliiffeettiimmee__sseeccss is not specified. Setting pp22__ssooffttlliiffee__sseeccss to the same value as pp22__lliiffeettiimmee__sseeccss disables soft expires. pp22__iiddlleettiimmee__sseeccss _n_u_m The idle lifetime of a phase 2 SA, in seconds. If the value is specified, the value specifies the lifetime of the SA, if the security association is not used before the SA is revalidated. pp22__lliiffeettiimmee__kkbb _n_u_m The lifetime of an SA can optionally be specified in kilobytes. This parameter specifies the default value. If lifetimes are specified in both seconds and kilobytes, the SA expires when either the seconds or kilobyte thresholds are passed. pp22__ssooffttlliiffee__kkbb _n_u_m This value is the number of kilobytes that can be protected by an SA before a soft expire occurs (see pp22__ssooffttlliiffee__sseeccss, above). This value is optional. If omitted, soft expiry occurs after 90% of the lifetime specified by pp22__lliiffeettiimmee__kkbb. The value specified by pp22__ssooffttlliiffee__kkbb is ignored if pp22__lliiffeettiimmee__kkbb is not specified. pp22__nnoonnccee__lleenn _n_u_m The length in bytes of the phase 2 (quick mode) nonce data. This cannot be specified on a per-rule basis. llooccaall__iidd__ttyyppee _p_1_-_i_d_-_t_y_p_e The local identity for IKE requires a type. This identity type is reflected in the IKE exchange. The type can be one of the following: o an IP address (for example, 1100..11..11..22) o DNS name (for example, tteesstt..ddoommaaiinn..ccoomm) o MBOX RFC 822 name (for example, rroooott@@ddoommaaiinn..ccoomm) o DNX.509 distinguished name (for example, CC==UUSS,, OO==SSuunn MMiiccrroossyysstteemmss IInncc..,, CCNN==SSuunn TTeesstt cceerrtt) pp11__xxffoorrmm ''{{'' ppaarraammeetteerr--lliisstt ''}} A phase 1 transform specifies a method for protecting an IKE phase 1 exchange. An initiator offers up lists of phase 1 transforms, and a receiver is expected to only accept such an entry if it matches one in a phase 1 rule. There can be several of these, and they are additive. There must be either at least one phase 1 transform in a rule or a global default phase 1 transform list. In a configuration file without a global default phase 1 transform list aanndd a rule without a phase, transform list is an invalid file. Unless specified as optional, elements in the parameter-list must occur exactly once within a given transform's parameter-list: ooaakklleeyy__ggrroouupp _n_u_m_b_e_r The Oakley Diffie-Hellman group used for IKE SA key derivation. The group numbers are defined in RFC 2409, Appendix A, RFC 3526, and RFC 5114, section 3.2. Acceptable values are currently: 1 (MODP 768-bit) 2 (MODP 1024-bit) 3 (EC2N 155-bit) 4 (EC2N 185-bit) 5 (MODP 1536-bit) 14 (MODP 2048-bit) 15 (MODP 3072-bit) 16 (MODP 4096-bit) 17 (MODP 6144-bit) 18 (MODP 8192-bit) 19 (ECP 256-bit) 20 (ECP 384-bit) 21 (ECP 521-bit) 22 (MODP 1024-bit, with 160-bit Prime Order Subgroup) 23 (MODP 2048-bit, with 224-bit Prime Order Subgroup) 24 (MODP 2048-bit, with 256-bit Prime Order Subgroup) 25 (ECP 192-bit) 26 (ECP 224-bit) eennccrr__aallgg {{33ddeess,, 33ddeess--ccbbcc,, bblloowwffiisshh,, bblloowwffiisshh--ccddcc,, ddeess,, ddeess--ccbbcc,, aaeess,, aaeess--ccbbcc}} An encryption algorithm, as in iippsseeccccoonnff(1M). However, of the ciphers listed above, only aaeess and aaeess--ccbbcc allow optional key- size setting, using the "low value-to-high value" syntax. To specify a single AES key size, the low value must equal the high value. If no range is specified, all three AES key sizes are allowed. aauutthh__aallgg {{mmdd55,, sshhaa,, sshhaa11,, sshhaa225566,, sshhaa338844,, sshhaa551122}} An authentication algorithm. Use iippsseeccaallggss(1M) with the --ll option to list the IPsec protocols and algorithms currently defined on a system. The ccrryyppttooaaddmm lliisstt command displays a list of installed providers and their mechanisms. See ccrryyppttooaaddmm(1M). aauutthh__mmeetthhoodd {{pprreesshhaarreedd,, rrssaa__ssiigg,, rrssaa__eennccrryypptt,, ddssss__ssiigg}} The authentication method used for IKE phase 1. pp11__lliiffeettiimmee__sseeccss _n_u_m Optional. The lifetime for a phase 1 SA. pp22__lliiffeettiimmee__sseeccss _n_u_m If configuring the kernel defaults is not sufficient for different tasks, this parameter can be used on a per-rule basis to set the IPsec SSAA lifetimes in seconds. pp22__ppffss _n_u_m Use perfect forward secrecy for phase 2 (quick mode). If selected, the oakley group specified is used for phase 2 PFS. Acceptable values are: 0 (do not use Perfect Forward Secrecy for IPsec SAs) 1 (768-bit) 2 (1024-bit) 5 (1536-bit) 14 (2048-bit) 15 (3072-bit) 16 (4096-bit) An IKE rule starts with a right-curly-brace ({{), ends with a left- curly-brace (}}), and has the following parameters in between: llaabbeell _s_t_r_i_n_g Required parameter. The administrative interface to iinn..iikkeedd looks up phase 1 policy rules with the label as the search string. The administrative interface also converts the label into an index, suitable for an extended ACQUIRE message from PF_KEY - effectively tying IPsec policy to IKE policy in the case of a node initiating traffic. Only one llaabbeell parameter is allowed per rule. llooccaall__aaddddrr <<_I_P_a_d_d_r/_p_r_e_f_i_x/_r_a_n_g_e> Required parameter. The local address, address prefix, or address range for this phase 1 rule. Multiple llooccaall__aaddddrr parameters accumulate within a given rule. rreemmoottee__aaddddrr <<_I_P_a_d_d_r/_p_r_e_f_i_x/_r_a_n_ge> Required parameter. The remote address, address prefix, or address range for this phase 1 rule. Multiple rreemmoottee__aaddddrr parameters accumulate within a given rule. llooccaall__iidd__ttyyppee _p_1_-_i_d_-_t_y_p_e Which phase 1 identity type I uses. This is needed because a single certificate can contain multiple values for use in IKE phase 1. Within a given rule, all phase 1 transforms must either use preshared or non-preshared authentication (they cannot be mixed). For rules with preshared authentication, the llooccaall__iidd__ttyyppee parameter is optional, and defaults to IIPP. For rules which use non- preshared authentication, the 'local_id_type' parameter is required. Multiple 'local_id_type' parameters within a rule are not allowed. llooccaall__iidd _c_e_r_t_-_s_e_l Disallowed for preshared authentication method; required parameter for non-preshared authentication method. The local identity string or certificate selector. Only one local identity per rule is used, the first one stated. rreemmoottee__iidd _c_e_r_t_-_s_e_l Disallowed for preshared authentication method; required parameter for non-preshared authentication method. Selector for which remote phase 1 identities are allowed by this rule. Multiple rreemmoottee__iidd parameters accumulate within a given rule. If a single empty string ("""") is given, then this accepts any remote IIDD for phase 1. It is recommended that certificate trust chains or address enforcement be configured strictly to prevent a breakdown in security if this value for rreemmoottee__iidd is used. pp22__lliiffeettiimmee__sseeccss _n_u_m If configuring the kernel defaults is not sufficient for different tasks, this parameter can be used on a per-rule basis to set the IPsec SSAA lifetimes in seconds. pp22__ppffss _n_u_m Use perfect forward secrecy for phase 2 (quick mode). If selected, the oakley group specified is used for phase 2 PFS. Acceptable values are: 0 (do not use Perfect Forward Secrecy for IPsec SAs) 1 (768-bit) 2 (1024-bit) 5 (1536-bit) 14 (2048-bit) 15 (3072-bit) 16 (4096-bit) pp11__xxffoorrmm {{ _p_a_r_a_m_e_t_e_r_-_l_i_s_t }} A phase 1 transform specifies a method for protecting an IKE phase 1 exchange. An initiator offers up lists of phase 1 transforms, and a receiver is expected to only accept such an entry if it matches one in a phase 1 rule. There can be several of these, and they are additive. There must be either at least one phase 1 transform in a rule or a global default phase 1 transform list. A iikkee..ccoonnffiigg file without a global default phase 1transform list aanndd a rule without a phase 1 transform list is an invalid file. Elements within the parameter-list; unless specified as optional, must occur exactly once within a given transform's parameter-list: ooaakklleeyy__ggrroouupp _n_u_m_b_e_r The Oakley Diffie-Hellman group used for IIKKEE SSAA key derivation. Acceptable values are currently: 1 (768-bit) 2 (1024-bit) 5 (1536-bit) 14 (2048-bit) 15 (3072-bit) 16 (4096-bit) eennccrr__aallgg {{33ddeess,, 33ddeess--ccbbcc,, bblloowwffiisshh,, bblloowwffiisshh--ccddcc,, ddeess,, ddeess--ccbbcc,, aaeess,, aaeess--ccbbcc}} An encryption algorithm, as in iippsseeccccoonnff(1M). However, of the ciphers listed above, only aaeess and aaeess--ccbbcc allow optional key- size setting, using the "low value-to-high value" syntax. To specify a single AES key size, the low value must equal the high value. If no range is specified, all three AES key sizes are allowed. aauutthh__aallgg {{mmdd55,, sshhaa,, sshhaa11}} An authentication algorithm, as specified in iippsseecckkeeyy(1M). aauutthh__mmeetthhoodd {{pprreesshhaarreedd,, rrssaa__ssiigg,, rrssaa__eennccrryypptt,, ddssss__ssiigg}} The authentication method used for IKE phase 1. pp11__lliiffeettiimmee__sseeccss _n_u_m Optional. The lifetime for a phase 1 SA. EEXXAAMMPPLLEESS EExxaammppllee 11 A Sample iikkee..ccoonnffiigg File The following is an example of an iikkee..ccoonnffiigg file: ### BEGINNING OF FILE ### First some global parameters... ### certificate parameters... # Root certificates. I SHOULD use a full Distinguished Name. # I must have this certificate in my local filesystem, see ikecert(1m). cert_root "C=US, O=Sun Microsystems\, Inc., CN=Sun CA" # Explicitly trusted certs that need no signatures, or perhaps # self-signed ones. Like root certificates, use full DNs for them # for now. cert_trust "EMAIL=root@domain.org" # Where do I send LDAP requests? ldap_server "ldap1.domain.org,ldap2.domain.org:389" ## phase 1 transform defaults... p1_lifetime_secs 14400 p1_nonce_len 20 ## Parameters that might also show up in rules. p1_xform { auth_method preshared oakley_group 5 auth_alg sha encr_alg 3des } p2_pfs 2 ### Now some rules... { label "simple inheritor" local_id_type ip local_addr 10.1.1.1 remote_addr 10.1.1.2 } { label "simple inheritor IPv6" local_id_type ipv6 local_addr fe80::a00:20ff:fe7d:6 remote_addr fe80::a00:20ff:fefb:3780 } { # an index-only rule. If I'm a receiver, and all I # have are index-only rules, what do I do about inbound IKE requests? # Answer: Take them all! label "default rule" # Use whatever "host" (e.g. IP address) identity is appropriate local_id_type ipv4 local_addr 0.0.0.0/0 remote_addr 0.0.0.0/0 p2_pfs 5 # Now I'm going to have the p1_xforms p1_xform {auth_method preshared oakley_group 5 auth_alg md5 encr_alg \ blowfish } p1_xform {auth_method preshared oakley_group 5 auth_alg md5 encr_alg 3des } # After said list, another keyword (or a '}') stops xform # parsing. } { # Let's try something a little more conventional. label "host to .80 subnet" local_id_type ip local_id "10.1.86.51" remote_id "" # Take any, use remote_addr for access control. local_addr 10.1.86.51 remote_addr 10.1.80.0/24 p1_xform { auth_method rsa_sig oakley_group 5 auth_alg md5 encr_alg 3des } p1_xform { auth_method rsa_sig oakley_group 5 auth_alg md5 encr_alg \ blowfish } p1_xform { auth_method rsa_sig oakley_group 5 auth_alg sha1 encr_alg 3des } p1_xform { auth_method rsa_sig oakley_group 5 auth_alg sha1 encr_alg \ blowfish } } { # Let's try something a little more conventional, but with ipv6. label "host to fe80::/10 subnet" local_id_type ip local_id "fe80::a00:20ff:fe7d:6" remote_id "" # Take any, use remote_addr for access control. local_addr fe80::a00:20ff:fe7d:6 remote_addr fe80::/10 p1_xform { auth_method rsa_sig oakley_group 5 auth_alg md5 encr_alg 3des } p1_xform { auth_method rsa_sig oakley_group 5 auth_alg md5 encr_alg \ blowfish } p1_xform { auth_method rsa_sig oakley_group 5 auth_alg sha1 encr_alg \ 3des } p1_xform { auth_method rsa_sig oakley_group 5 auth_alg sha1 encr_alg \ blowfish } } { # How 'bout something with a different cert type and name? label "punchin-point" local_id_type mbox local_id "ipsec-wizard@domain.org" remote_id "10.5.5.128" local_addr 0.0.0.0/0 remote_addr 10.5.5.128 p1_xform { auth_method rsa_sig oakley_group 5 auth_alg md5 encr_alg \ blowfish } } { label "receiver side" remote_id "ipsec-wizard@domain.org" local_id_type ip local_id "10.5.5.128" local_addr 10.5.5.128 remote_addr 0.0.0.0/0 p1_xform { auth_method rsa_sig oakley_group 5 auth_alg md5 encr_alg blowfish } # NOTE: Specifying preshared null-and-voids the remote_id/local_id # fields. p1_xform { auth_method preshared oakley_group 5 auth_alg md5 encr_alg \ blowfish} } AATTTTRRIIBBUUTTEESS See aattttrriibbuutteess(5) for descriptions of the following attributes: +--------------------+-----------------+ | ATTRIBUTE TYPE | ATTRIBUTE VALUE | +--------------------+-----------------+ |Interface Stability | Committed | +--------------------+-----------------+ SSEEEE AALLSSOO ccrryyppttooaaddmm(1M), iikkeeaaddmm(1M), iinn..iikkeedd(1M), iikkeecceerrtt(1M), iippsseecckkeeyy(1M), iippsseeccaallggss(1M), iippsseeccccoonnff(1M), ssvvccccffgg(1M), ddllooppeenn(3C), aattttrriibbuutteess(5), rraannddoomm(7D) Harkins, Dan and Carrel, Dave. _R_F_C _2_4_0_9_, _I_n_t_e_r_n_e_t _K_e_y _E_x_c_h_a_n_g_e _(_I_K_E_). Cisco Systems, November 1998. Maughan, Douglas et. al. _R_F_C _2_4_0_8_, _I_n_t_e_r_n_e_t _S_e_c_u_r_i_t_y _A_s_s_o_c_i_a_t_i_o_n _a_n_d _K_e_y _M_a_n_a_g_e_m_e_n_t _P_r_o_t_o_c_o_l _(_I_S_A_K_M_P_). National Security Agency, Ft. Meade, MD. November 1998. Piper, Derrell. _R_F_C _2_4_0_7_, _T_h_e _I_n_t_e_r_n_e_t _I_P _S_e_c_u_r_i_t_y _D_o_m_a_i_n _o_f _I_n_t_e_r_p_r_e_t_a_t_i_o_n _f_o_r _I_S_A_K_M_P. Network Alchemy. Santa Cruz, California. November 1998. Kivinen, T. _R_F_C _3_5_2_6_, _M_o_r_e _M_o_d_u_l_a_r _E_x_p_o_n_e_n_t_i_a_l _(_M_O_D_P_) _D_i_f_f_i_e_-_H_e_l_l_m_a_n _G_r_o_u_p_s _f_o_r _I_n_t_e_r_n_e_t _K_e_y _E_x_c_h_a_n_g_e _(_I_K_E_). The Internet Society, Network Working Group. May 2003. Lepinksi, M. and Kent, S. _R_F_C _5_1_1_4_, _A_d_d_i_t_i_o_n_a_l _D_i_f_f_i_e_-_H_e_l_l_m_a_n _G_r_o_u_p_s _f_o_r _U_s_e _w_i_t_h _I_E_T_F _S_t_a_n_d_a_r_d_s. BBN Technologies, January 2008. Fu, D. and Solinas, J. _R_F_C _5_9_0_3_, _E_l_l_i_p_t_i_c _C_u_r_v_e _G_r_o_u_p_s _m_o_d_u_l_o _a _P_r_i_m_e _(_E_C_P _G_r_o_u_p_s_) _f_o_r _I_K_E _a_n_d _I_K_E_v_2. NSA, June 2010. April 27, 2009 IKE.CONFIG(4)