Network Sales and Services Handbook (Cisco Press Networking Technology)

Internet Key Exchange (IKE) is a good general-purpose security exchange protocol which can be used for policy negotiation and establishment of authenticated keying material. The specification of what IKE is being used for is done in a Domain of Interpretation (DOI). The IPSec DOI can be found in RFC 2407 (www.ietf.org/rfc/rfc2407.txt?number=2407), defining how IKE negotiates IPSec Security Association (SA).