Re: ipsec site to site vpn proposals?

baselzind · ‎02-27-2019

can someone please explain what proposals "as in the attached picture" do in a vpn? do they need to match at both sides? i thought parameters needs= to match only in phase 1 and phase 2 "hash, authen , group , lifetime , encryption" what is proposal job in setting up vpn connection?

Karsten Iwen · ‎02-28-2019

You have to specify both the Phase1 and Phase2 settings. The mentioned ones (hash, authen , group , lifetime , encryption) are phase1 and the screenshot is a config for phase2 that you will later reference in your crypto-config.

baselzind · ‎03-03-2019

so basically what is shown in the proposal are the authentication and encryption for phase 2?
what is ESP?

Richard Burts · ‎03-03-2019

ESP stands for the Encapsulating Security Payload which is the IP protocol used for encrypted traffic in the VPN. Perhaps this link will have information which could be helpful.

https://en.wikipedia.org/wiki/IPsec#Encapsulating_Security_Payload

HTH

Rick

HTH

Rick

baselzind · ‎03-06-2019

can u tell me if the screenshot is basically the phase 2 encryption and authentication?

Rob Ingram · ‎03-06-2019

Yes, the screenshot is of the IPSec Transform Set (Phase 2), these values here need to match the values configured on the peer device in order to successfully establish a VPN tunnel.