Beginner

IPSec VPN

Hi Team,

While reading about IPSec VPN, the statement below raised a doubt for me:

 

"The peer that has traffic that should be protected will initiate the IKE phase 1 negotiation."

 

So as per the above statement it states that the peer which has data will initiate the IKE Phase 1 negotiation. Agreed.

 

But my doubt is this: suppose Peer A is the sender and Peer B is the receiver. Who will initiate traffic for the IKE Phase 1 negotiation? Unless there is a request from Peer B, which is the receiver in our scenario, the sender, Peer A, will not send the traffic, right?

 

Is my understanding correct?

 

SA (Security Association): Kindly let me know which parameters in the SA must be the same when forming the ISAKMP tunnel.

4 REPLIES 4
Beginner

Re: IPSec VPN

Hi Giuseppe,

 

Kindly help me to understand on this.

Beginner

Re: IPSec VPN

@Mani3 

Before Phase 1 there is an initiation step, which depends on the protected traffic (encryption domain); any traffic that matches this ACL triggers the IKE initiation. Below are the steps that take place in an IPsec VPN.

  • Initiation: something has to trigger the creation of our tunnels. For example when you configure IPsec on a router, you use an access-list to tell the router what data to protect. When the router receives something that matches the access-list, it will start the IKE process. It’s also possible to manually initiate the tunnel.
  • IKE phase 1: we negotiate a security association to build the IKE phase 1 tunnel (ISAKMP tunnel).
  • IKE phase 2: within the IKE phase 1 tunnel, we build the IKE phase 2 tunnel (IPsec tunnel).
  • Data transfer: we protect user data by sending it through the IKE phase 2 tunnel.
  • Termination: when there is no user data to protect, the IPsec tunnel will be terminated after a while.

Also keep in mind that the IKE phase 1 tunnel is only used for management traffic. This tunnel is used as a secure method to establish the second tunnel, called the IKE phase 2 tunnel or IPsec tunnel, and for management traffic like keepalives.
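
The initiation step described in the reply above, as an added example that is not part of the original posts: a small Python model in which each peer holds a mirrored crypto ACL and the first router to see matching outbound traffic becomes the IKE initiator. The peer names, subnets and function names are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed topology (assumption): one LAN behind each VPN peer.
LAN_A = ip_network("10.1.0.0/24")
LAN_B = ip_network("10.2.0.0/24")

# Crypto ACLs are mirror images of each other: (source net, destination net).
CRYPTO_ACL = {
    "PeerA": [(LAN_A, LAN_B)],
    "PeerB": [(LAN_B, LAN_A)],
}


class Tunnel:
    """Tracks whether IKE has been started and which peer started it."""

    def __init__(self):
        self.initiator = None  # no security association yet

    def outbound(self, peer, src, dst):
        """Peer is about to forward a packet src -> dst towards the other side."""
        src, dst = ip_address(src), ip_address(dst)
        interesting = any(src in s and dst in d for s, d in CRYPTO_ACL[peer])
        if not interesting:
            return "forwarded unprotected (no ACL match, IKE not triggered)"
        if self.initiator is None:
            self.initiator = peer  # first ACL match starts IKE phase 1
            return f"{peer} initiates IKE phase 1"
        return "protected by the existing tunnel"


def who_initiates(packets):
    """Replay (peer, src, dst) tuples in order; return the IKE initiator or None."""
    tunnel = Tunnel()
    for peer, src, dst in packets:
        tunnel.outbound(peer, src, dst)
    return tunnel.initiator
```

The initiator is whichever peer's router sees ACL-matching traffic first: if a host behind Peer B sends a request before any host behind Peer A sends anything, Peer B initiates, and Peer A's reply then uses the tunnel that already exists.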

Beginner

Re: IPSec VPN

Hi Omole,

 

Thanks for the reply, but my question is different, and what you have given below is the same as what I read on www.networklessons.com.

 

Beginner

Re: IPSec VPN

@Mani3 

 

I looked at the best way to describe the phase flow for you, and I remember I had that saved in my draft. Thanks for the link; I had been looking for that source since.

 

Please be explicit about what you want, so we can apply both working experience and understanding of the technology in order to give you the best response. My understanding is that what triggers the IKE Phase 1.