cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1264
Views
0
Helpful
1
Replies

Can anyone explain why Phase 1 is bidirectional and Phase 2 is unidirectional in IPSEC VPN.

maheshpula109
Beginner
Beginner

Can anyone explain why Phase 1 is bidirectional and Phase 2 is unidirectional in IPSEC VPN. I read in one book that Phase 1 uses shared symmetric key generated by DH and both peers uses same key hence it is bidirectional. so in phase 2, are we using 2 different keys from encryption and decryption. Can someone explain it to me how phase 2 get 2 different keys in a simpler language.

1 Reply 1

Mohammed al Baqari
VIP Advisor VIP Advisor
VIP Advisor
That is not accurate.

In phase 1 dh generates 3 sub keys SKe, SKa SKd. SKd will be generated 1st
to obtain SKe and SKd. If PFS is off, then you use same keys for phase two
encryption/hashing and you don't generate new sub keys. If you have PFS on
then new set of sub keys generated.

Different encryption/decryption keys is the case when using certificate
authentication.
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: