ABSTRACT

Without a doubt, IKE represents the pinnacle of IPSec VPN complexity. It is intensely intricate and fraught with tangents that seem to come from every direction. IKE has come in and out of the center of attention, but its structure will always remain in question. There have consistently been suggestions and offers to modify the IKE exchanges to accommodate different perceived limitations in the protocol. Even IPSec operations, such as tunnel mode versus transport mode, are questioned on a regular basis. The security protocol AH is under constant scrutiny. The problem seems to arise when it is feasible to allow ESP to authenticate the outer IP header, technically eliminating the need for AH.