Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2079
Views
0
Helpful
1
Replies

IPSec Phase 1 & Phase 2: differences in commands

azhdar1234
Level 1
Level 1

‎05-12-2019 01:52 AM - edited ‎02-21-2020 09:38 PM

Hello !

What's difference between "hash sha / encryption aes256" in Phase 1 and "esp-sha256-hmac" in Phase 2 ? Are they the same or are there any difference ?

Labels:
0 Helpful
1 Reply 1

Rob Ingram
VIP
VIP

‎05-12-2019 06:11 AM

Hi,
The algorithms defined in Phase 1 (isakmp policy) are used to establish an IKE SA (Security Association), through which 2 x IPSec SA (inbound/outbound) is negotiated using the Phase 2 algorithms defined in the IPSec Transform Set. All data transmitted through the VPN is over the IPSec SAs.

HTH
0 Helpful
Customers Also Viewed These Support Documents