While reading about IPsec VPN, the statement below raised a doubt for me:
"The peer that has traffic that should be protected will initiate the IKE phase 1 negotiation."
So the above statement says that the peer which has data will initiate the IKE Phase 1 negotiation. Agreed.
But my doubt is this: suppose Peer A is the sender and Peer B is the receiver. Who will initiate traffic for the IKE Phase 1 negotiation? Unless there is a request by Peer B, which is the receiver in our scenario, the sender, Peer A, will not send the traffic. Right?
Is my understanding correct?
SA (Security Association): Kindly let me know which parameters in the SA must be the same while forming the ISAKMP tunnel.
Before Phase 1 there is an initiation going on which depends on the protected traffic (encryption domain); therefore any traffic that matches this ACL triggers the IKE initiation, and below are the steps that take place in an IPsec VPN.
Also keep in mind that the IKE phase 1 tunnel is only used for management traffic. This tunnel is used as a secure method to establish the second tunnel, called the IKE phase 2 tunnel or IPsec tunnel, and for management traffic like keepalives.
I looked for the best way to describe the phase flow for you, and I remember I had that saved in my draft. Thanks for the link; I had been looking for that source since.
Please be explicit about what you want, so we can apply both working experience and understanding of the technology in order to give you the best response. My understanding is that you are asking what triggers IKE Phase 1.
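
An added example, not part of the original posts: a small Python model of the trigger discussed in this thread, where whichever peer sees outbound traffic matching its crypto ACL starts phase 1 and the responder accepts the first offered proposal identical to one of its own. The subnets, peer names, policy values and helper names are constructed for illustration; the four compared attributes (encryption, hash, authentication method, DH group) are the usual IKEv1 proposal fields, an assumption the thread itself does not list.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class AclEntry:            # one "permit ip <src> <dst>" line of a crypto ACL
    src: str
    dst: str

@dataclass(frozen=True)
class Phase1Policy:        # attributes compared during phase 1 (assumed set)
    encryption: str
    hash_alg: str
    auth: str
    dh_group: int

def is_interesting(acl, src_ip, dst_ip):
    """True if an outbound packet falls inside the encryption domain."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    return any(s in ipaddress.ip_network(e.src) and
               d in ipaddress.ip_network(e.dst) for e in acl)

def who_initiates(peers, src_ip, dst_ip):
    """Name of the peer whose ACL the packet matches on egress, or None."""
    for name, acl in peers.items():
        if is_interesting(acl, src_ip, dst_ip):
            return name
    return None            # not protected traffic: no IKE negotiation starts

def select_policy(initiator_offers, responder_policies):
    """Responder accepts the first offer equal to one of its own policies."""
    for offer in initiator_offers:
        if offer in responder_policies:
            return offer
    return None            # no common proposal: phase 1 fails

# Constructed sample data: the two ACLs mirror each other.
PEERS = {
    "A": [AclEntry("10.1.0.0/16", "10.2.0.0/16")],
    "B": [AclEntry("10.2.0.0/16", "10.1.0.0/16")],
}
A_OFFERS = [Phase1Policy("aes-256", "sha256", "psk", 19),
            Phase1Policy("aes-256", "sha256", "psk", 14)]
B_POLICIES = [Phase1Policy("aes-256", "sha256", "psk", 14)]

if __name__ == "__main__":
    print(who_initiates(PEERS, "10.1.5.5", "10.2.9.9"))   # host behind A sends
    print(who_initiates(PEERS, "10.2.9.9", "10.1.5.5"))   # host behind B sends
    print(select_policy(A_OFFERS, B_POLICIES))
```

The initiator role follows the direction of the first matching packet, so either peer can end up starting the negotiation.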