Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
318
Views
0
Helpful
1
Replies

IKE Phase 2 negotiated options

Paul Cummings
Level 1
Level 1

‎02-01-2006 11:31 AM

Hi,

I just wanted some clarification on a point if someone would be kind enough to help.

During IKE Phase 2 exchange, my understanding is that the transform sets are agreed on, in order to establish the IPSEC SA.

Can someone confirm whether the "Interesting Traffic" pattern/acl is exchanged between the peers with the expectation on a mirrored match? My understanding is that it isn't, but this is being challenged by a fairly knowledgable chap I know.

If someone could confirm my understanding is correct (or the reverse) and let me know if there are any other options exchanged at Phase 2 I'd be really grateful.

Regards,

Paul

Labels:
0 Helpful
1 Reply 1

jackko
Level 7
Level 7

‎02-01-2006 02:34 PM

totally agree.

i don't think phase 2 will go through examiningg the acl. in fact, i don't think the acl is going to examine at all.

i have setup lan-lan vpn between 10+ remote offices with 837, and pix515e at the head office. all 837s have crypto acl like:

permit ip

whereas with the pix,

permit ip host

0 Helpful
Customers Also Viewed These Support Documents