IPSec VPN

Mani3
Level 1

Hi Team,

While reading about IPSec VPN, the statement below raised a doubt for me:


"The peer that has traffic that should be protected will initiate the IKE phase 1 negotiation."


So, as per the above statement, the peer which has data will initiate the IKE Phase 1 negotiation. Agreed.


But my doubt is this: suppose Peer A is the sender and Peer B is the receiver. Now, who will initiate the traffic for the IKE Phase 1 negotiation? Because unless there is a request by Peer B, which is the receiver in our scenario, the sender, Peer A, will not send the traffic, right?


Is my understanding correct?


SA (Security Association): Kindly let me know which parameters in the SA must be the same while forming the ISAKMP tunnel.


4 Replies

Mani3
Level 1

Hi Giuseppe,


Kindly help me to understand this.

@Mani3 

Before Phase 1 there is an initiation step, which depends on the protected traffic (encryption domain); therefore any traffic that matches this ACL triggers the IKE initiation. Below are the steps that take place in an IPsec VPN.

  • Initiation: something has to trigger the creation of our tunnels. For example when you configure IPsec on a router, you use an access-list to tell the router what data to protect. When the router receives something that matches the access-list, it will start the IKE process. It’s also possible to manually initiate the tunnel.
  • IKE phase 1: we negotiate a security association to build the IKE phase 1 tunnel (ISAKMP tunnel).
  • IKE phase 2: within the IKE phase 1 tunnel, we build the IKE phase 2 tunnel (IPsec tunnel).
  • Data transfer: we protect user data by sending it through the IKE phase 2 tunnel.
  • Termination: when there is no user data to protect, the IPsec tunnel will be terminated after a while.

Also keep in mind that the IKE phase 1 tunnel is only used for management traffic. This tunnel is used as a secure method to establish the second tunnel, called the IKE phase 2 tunnel or IPsec tunnel, and for management traffic like keepalives.
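The initiation step described above, as an added Python simulation that is not from this thread, from networklessons.com or from Cisco: two peers with mirror-image crypto ACLs and ISAKMP policies, where whichever peer first sees outbound traffic matching its crypto ACL becomes the IKE initiator, and the responder looks for a phase 1 policy whose encryption, hash, authentication method and DH group all match. The peer names, addresses and policy values are constructed for the example; the lifetime handling (the shorter of the two lifetimes wins) is the simulation's assumption rather than something stated in the thread.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed example: models which peer initiates IKE and which ISAKMP
# parameters must agree. It does not model the real IKE packet exchange.


@dataclass(frozen=True)
class IsakmpPolicy:
    priority: int        # lower number is tried first, as in "crypto isakmp policy <n>"
    encryption: str
    hash: str
    authentication: str
    dh_group: int
    lifetime: int        # seconds


@dataclass
class Peer:
    name: str
    crypto_acl: list     # (source_network, destination_network) "permit" entries
    policies: list       # IsakmpPolicy entries
    phase1_sa: Optional[dict] = None

    def is_interesting(self, src: str, dst: str) -> bool:
        """True if the outbound packet falls inside this peer's encryption domain."""
        s, d = ip_address(src), ip_address(dst)
        return any(s in ip_network(sn) and d in ip_network(dn) for sn, dn in self.crypto_acl)


def negotiate_phase1(initiator: Peer, responder: Peer) -> Optional[dict]:
    """Responder compares its own policies, highest priority first, against every
    proposal from the initiator. Encryption, hash, authentication and DH group must
    be identical; lifetime may differ, and the shorter one is used (assumption)."""
    for local in sorted(responder.policies, key=lambda p: p.priority):
        for remote in sorted(initiator.policies, key=lambda p: p.priority):
            same = (remote.encryption, remote.hash, remote.authentication, remote.dh_group) == \
                   (local.encryption, local.hash, local.authentication, local.dh_group)
            if same:
                sa = {
                    "initiator": initiator.name,
                    "encryption": local.encryption,
                    "hash": local.hash,
                    "authentication": local.authentication,
                    "dh_group": local.dh_group,
                    "lifetime": min(remote.lifetime, local.lifetime),
                }
                initiator.phase1_sa = responder.phase1_sa = sa   # both sides now hold the SA
                return sa
    return None


def send_packet(sender: Peer, receiver: Peer, src: str, dst: str) -> str:
    """Simulate one packet leaving `sender`; report what the sender did with it."""
    if not sender.is_interesting(src, dst):
        return "bypass"                                  # outside the encryption domain
    if sender.phase1_sa is None:                         # no tunnel yet: sender initiates IKE
        if negotiate_phase1(sender, receiver) is None:
            return "dropped: no matching ISAKMP policy"
        return f"{sender.name} initiated IKE phase 1"
    return "protected by existing SA"


POLICY = IsakmpPolicy(10, "aes-256", "sha256", "pre-share", 14, 86400)   # constructed


def make_peers(policy_b: IsakmpPolicy = POLICY):
    # PeerA protects 10.1.1.0/24 -> 10.2.2.0/24, PeerB the mirror image (constructed)
    a = Peer("PeerA", [("10.1.1.0/24", "10.2.2.0/24")], [POLICY])
    b = Peer("PeerB", [("10.2.2.0/24", "10.1.1.0/24")], [policy_b])
    return a, b


def scenario_a_sends_first():
    a, b = make_peers()
    first = send_packet(a, b, "10.1.1.5", "10.2.2.7")    # A has traffic, so A initiates
    reply = send_packet(b, a, "10.2.2.7", "10.1.1.5")    # B's reply just uses the SA
    return first, reply


def scenario_b_sends_first():
    a, b = make_peers()
    return send_packet(b, a, "10.2.2.7", "10.1.1.5")     # B has traffic first, so B initiates


def scenario_policy_mismatch():
    a, b = make_peers(IsakmpPolicy(10, "aes-256", "sha256", "pre-share", 5, 86400))
    return send_packet(a, b, "10.1.1.5", "10.2.2.7")     # DH group differs: no phase 1 SA


def scenario_lifetime_differs():
    a, b = make_peers(IsakmpPolicy(10, "aes-256", "sha256", "pre-share", 14, 3600))
    send_packet(a, b, "10.1.1.5", "10.2.2.7")
    return a.phase1_sa                                   # shorter lifetime (3600) is used


def scenario_bypass():
    a, b = make_peers()
    return send_packet(a, b, "10.1.1.5", "192.0.2.1")    # not in the crypto ACL


if __name__ == "__main__":
    print(scenario_a_sends_first())
    print(scenario_b_sends_first())
    print(scenario_policy_mismatch())
    print(scenario_lifetime_differs())
    print(scenario_bypass())
```

The point of the two "sends first" scenarios is that the roles are not fixed by who is the application-level client or server: the peer whose outbound packet first matches its crypto ACL while no SA exists is the one that initiates phase 1, and in the mismatch scenario the packet is dropped rather than sent in the clear.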

Hi Omole,


Thanks for the reply, but my question is different, and what you have given below is the same as what I read on www.networklessons.com.


@Mani3 


I looked for the best way to describe the phase flow for you, and I remembered I had that saved in my drafts. Thanks for the link; I had been looking for that source since.


Please be explicit about what you want, so we can apply both working experience and understanding of how the technology works in order to give you the best response. My understanding is that what you are asking is what triggers IKE Phase 1.