Abstract:IKE (Internet key exchange, RFC2409) describes a suite of Internet key exchange protocols for establishing security associations and obtaining authenticated keying material. A security flaw in these IKE protocols is observed and a simple modification is proposed. In this paper, it is pointed out that there is a neglected security flaw in the amended IKE protocols. And a successful attack on the amended IKE protocols is also provided. A new amendment to IKE protocols is proposed, and the reasons which cause the two security flaws are analyzed by using BAN logic successfully.