07-17-2024 09:15 AM - edited 07-17-2024 09:16 AM
Hello,
I don't understand why during phase 1 of creating a site-to-site IPsec tunnel, we are told that the security parameters are negotiated between the two routers, whereas we manually define the phase 1 parameters?
Then I don't understand the difference between phase 1 and phase 2?
In phase 1, we define the parameters (encryption, hashing, etc.). The same thing is done in phase 2?
07-17-2024 09:28 AM
Phase I
Both sides send their parameters to be checked and accepted by the other side.
These parameters are sent as clear text.
Phase II
From the parameters of Phase I, both routers build a secure tunnel; through this tunnel both routers exchange the parameters of Phase II, which are used to send data traffic securely.
These parameters are sent encrypted.
So the difference between Phase I and Phase II is that Phase I sends clear-text parameters and Phase II sends encrypted parameters.
MHM
07-17-2024 09:46 AM
IKE Phase 1 is used for the control plane, to authenticate the peers and establish an encrypted tunnel which is used to secure communication when negotiating Phase 2 SAs.
IKE Phase 2 establishes Security Associations which are used for data plane traffic (bulk user data traffic).
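How "negotiated" fits with manually configured parameters, as an added example that is not part of the thread: a simplified Python model in which each router's configuration is a list of acceptable proposals and the responder accepts the first offered proposal it also has configured. The router names, proposal values and function names are constructed for illustration; authentication, key exchange and lifetimes are not modelled.

```python
from typing import NamedTuple, Optional, Sequence

class Phase1Proposal(NamedTuple):      # protects the IKE SA (control plane)
    encryption: str
    hash: str
    dh_group: int
    auth: str

class Phase2Proposal(NamedTuple):      # protects the IPsec SAs (data plane)
    esp_encryption: str
    esp_integrity: str

def select_proposal(offered: Sequence, local_policy: Sequence) -> Optional[tuple]:
    """Responder side: return the first offered proposal that is also
    configured locally, or None when nothing matches (no SA is built)."""
    allowed = set(local_policy)
    for proposal in offered:           # initiator's order of preference
        if proposal in allowed:
            return proposal
    return None

def negotiate(initiator: dict, responder: dict) -> dict:
    """Phase 2 is attempted only after Phase 1 succeeds, because the
    Phase 2 exchange travels inside the tunnel that Phase 1 built."""
    ike_sa = select_proposal(initiator["phase1"], responder["phase1"])
    if ike_sa is None:
        return {"ike_sa": None, "ipsec_sa": None}
    ipsec_sa = select_proposal(initiator["phase2"], responder["phase2"])
    return {"ike_sa": ike_sa, "ipsec_sa": ipsec_sa}

# Constructed sample configurations (what the administrator types in).
ROUTER_A = {
    "phase1": [Phase1Proposal("aes-256", "sha256", 19, "psk"),
               Phase1Proposal("aes-256", "sha256", 14, "psk")],
    "phase2": [Phase2Proposal("aes-256", "sha256-hmac")],
}
ROUTER_B = {
    "phase1": [Phase1Proposal("aes-256", "sha256", 14, "psk")],
    "phase2": [Phase2Proposal("aes-256", "sha256-hmac")],
}
ROUTER_C = {   # Phase 1 policy shares nothing with ROUTER_A
    "phase1": [Phase1Proposal("aes-128", "sha256", 14, "psk")],
    "phase2": [Phase2Proposal("aes-256", "sha256-hmac")],
}

if __name__ == "__main__":
    print("A -> B:", negotiate(ROUTER_A, ROUTER_B))
    print("A -> C:", negotiate(ROUTER_A, ROUTER_C))
```

Router A offers two Phase 1 proposals and Router B accepts the second one, so the configuration defines what each side is willing to use and the negotiation finds the common set; with Router C the Phase 1 policies do not overlap, so Phase 2 is never reached even though the Phase 2 settings match.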