When creating a site-to-site VPN, I understand that the ISAKMP key is used to authenticate a connecting device when starting IKE Phase 1.
Does this key have anything to do with encryption/decryption or is it strictly for authentication only?
From RFC 2408:
"The Internet Security Association and Key
Management Protocol (ISAKMP) defines the procedures for
authenticating a communicating peer, creation and management of
Security Associations, key generation techniques, and threat
mitigation (e.g. denial of service and replay attacks). All of
these are necessary to establish and maintain secure communications
(via IP Security Service or any other security protocol) in an
I'm sorry, I should clarify. I am talking specifically about when you use a preshared key. Is this preshared key used for encryption/decryption as well as authentication of the remote device?
As far as I know the pre-shared key is using to establish phase2 and thus solely use for authentication.
The pre shared key is NOT used for encryption of any data traffic in the site to site VPN. It is used for authentication and to help negotiate the keys that are used for data traffic encryption.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: