Ipsec vpn

Saldebob
Level 1

Hello,

I don't understand why, during phase 1 of creating a site-to-site IPsec tunnel, we are told that the security parameters are negotiated between the two routers, whereas it is we who manually define the phase 1 parameters?

Then I don't understand the difference between phase 1 and phase 2?

In phase 1, we define the parameters (encryption, hashing, etc.). The same thing is done in phase 2?

2 Replies

Phase I

Both sides send their parameters to be checked and accepted by the other side.

These parameters are sent as clear text.

Phase II

From the parameters of Phase I, both routers build a secure tunnel; through this tunnel both routers exchange the parameters of Phase II, which are used to send data traffic securely.

These parameters are sent encrypted.

So the difference between Phase I and Phase II is that Phase I sends clear-text parameters and Phase II sends encrypted parameters.

MHM

@Saldebob 

IKE Phase 1 is used for the control plane, to authenticate the peers and establish an encrypted tunnel which is used to secure communication when negotiating Phase 2 SAs.

IKE Phase 2 establishes Security Associations which are used for data plane traffic (bulk user data traffic).
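
Added example, not part of the thread or of any vendor's code: a simplified Python model of why manually configured parameters are still "negotiated". Each router only holds the proposals its administrator configured; the initiator offers its list and the responder picks one it also has, first for phase 1 and then, inside that tunnel, for phase 2. The class names, the `select`/`negotiate` helpers and the router policies are constructed for illustration, and real implementations differ in match order and treat lifetimes separately.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Phase1Proposal:
    """IKE SA parameters: protect the control channel between the peers."""
    encryption: str
    integrity: str
    auth: str
    dh_group: int

@dataclass(frozen=True)
class Phase2Proposal:
    """IPsec SA parameters: protect the user data traffic."""
    protocol: str
    encryption: str
    integrity: str

def select(offered, local_policy):
    """Responder side: first offered proposal that is also configured locally."""
    for proposal in offered:
        if proposal in local_policy:
            return proposal
    return None  # the responder would answer NO-PROPOSAL-CHOSEN

def negotiate(initiator, responder):
    """Run both phases; phase 2 is attempted only if phase 1 produced an SA."""
    p1 = select(initiator["phase1"], responder["phase1"])
    if p1 is None:
        return {"phase1": None, "phase2": None, "failed": "phase1"}
    # From here on the exchange would travel inside the phase 1 tunnel.
    p2 = select(initiator["phase2"], responder["phase2"])
    return {"phase1": p1, "phase2": p2, "failed": None if p2 else "phase2"}

# Constructed sample policies, as an administrator might configure them.
ROUTER_A = {
    "phase1": [Phase1Proposal("aes-256", "sha256", "psk", 14),
               Phase1Proposal("aes-128", "sha1", "psk", 5)],
    "phase2": [Phase2Proposal("esp", "aes-256", "sha256")],
}
ROUTER_B = {
    "phase1": [Phase1Proposal("aes-128", "sha1", "psk", 5)],
    "phase2": [Phase2Proposal("esp", "aes-256", "sha256")],
}
ROUTER_C = {  # phase 1 matches ROUTER_A, phase 2 does not
    "phase1": [Phase1Proposal("aes-256", "sha256", "psk", 14)],
    "phase2": [Phase2Proposal("esp", "aes-128", "sha1")],
}

if __name__ == "__main__":
    for name, peer in (("B", ROUTER_B), ("C", ROUTER_C)):
        print("A ->", name, negotiate(ROUTER_A, peer))
```

A phase 1 mismatch means no tunnel at all, while a phase 2 mismatch leaves the IKE SA up but no data-plane SA, which is why the two failures look different when troubleshooting.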