cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

983
Views
0
Helpful
1
Replies
maheshpula109
Beginner

Can anyone explain why Phase 1 is bidirectional and Phase 2 is unidirectional in IPSEC VPN.

Can anyone explain why Phase 1 is bidirectional and Phase 2 is unidirectional in IPSEC VPN. I read in one book that Phase 1 uses shared symmetric key generated by DH and both peers uses same key hence it is bidirectional. so in phase 2, are we using 2 different keys from encryption and decryption. Can someone explain it to me how phase 2 get 2 different keys in a simpler language.

1 REPLY 1
Mohammed al Baqari
VIP Advisor

That is not accurate.

In phase 1 dh generates 3 sub keys SKe, SKa SKd. SKd will be generated 1st
to obtain SKe and SKd. If PFS is off, then you use same keys for phase two
encryption/hashing and you don't generate new sub keys. If you have PFS on
then new set of sub keys generated.

Different encryption/decryption keys is the case when using certificate
authentication.
Create
Recognize Your Peers
Content for Community-Ad