IPsec provides encryption and authentication for data packets, and protects them from eavesdropping and falsification. Prior to performing IPsec functions, authentication must be mutually assured between the two parties in communication, usually two security gateways, and shared session keys between them must be safely generated. Internet Key Exchange (IKE) protocol is the most common mechanism for two security gateways to negotiate. Haddad et al. proposed a simplified DoS-resistant protocol for such negotiation. Besides, the new version of IKE, named IKEv2 as defined in RFC 4306, can also achieve limited DoS prevention. This paper proposes a simplified, but intelligent design for an internet key exchange protocol, which has greater DoS-resistant than the protocol by Haddad et al. or IKEv2, while maintaining important security properties.