09-27-2013 04:43 AM - edited 02-21-2020 07:11 PM
Greetings to All. I am studying for CCNP exams in R&S. I have just managed to get a VPN connection working after struggling with it for several days. Even so, the entire aspect of IPSec seems very mysterious. I am seeing terms like IKE, IPSec SA, ISAKMP SA, phase 1 and phase 2, negotiations, shared keys, digital certificate, nonces and all that. I just cannot put these terms together and form a complete picture. I reckon that I may have to veer into security. Here is where you can help me. Please recommend good materials that I can use in order to gain a firm understanding of how the topics tie together.
When I say I got a VPN connection working, I mean I simulated it, not a production VPN connection. Not sure I can repeat the process without going through the configurations all over again. I wish to understand the relationships so that I would not need to memorize my configuration file.
Thanks for your contributions.
09-27-2013 06:54 AM
IKE = Protocol for exchanging keys and forming a VPN
IPSec SA = Established Tunnel (Phase 2)
ISAKMP SA = Established Phase 1 between peers (alg, sec negotiations)
Phase1 = IKE (shared secrets exchange, lifetime, crypto algs)
Phase2 = IPSEC SA (lifetime, crypto algs, defined networks)
Shared secret = Password that has to match on both ends
Certificate = for use instead of shared secret
You should start from the beginning .. just search around ipsec howto, it isn't that hard to learn.
Understanding EIGRP is much harder, which you'll have to do when you are studying for CCNP RS
Michael
Please rate all helpful posts
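How the terms in the answer above map onto a classic Cisco IOS crypto-map site-to-site configuration, as an added example that is not part of the original thread. The addresses (documentation ranges), the names TS-EXAMPLE, CMAP-EXAMPLE and VPN-TRAFFIC, the key placeholder and the algorithm choices are all assumptions, and keyword availability depends on the IOS release.

```cisco
! ---- Phase 1: IKE negotiates the ISAKMP SA between the two peers ----
! Both ends must have at least one policy with matching parameters.
crypto isakmp policy 10
 encryption aes 256          ! crypto algorithm protecting the IKE exchange
 hash sha256                 ! integrity algorithm for the IKE exchange
 authentication pre-share    ! shared secret; "rsa-sig" would use certificates instead
 group 14                    ! Diffie-Hellman group used to derive keying material
 lifetime 86400              ! ISAKMP SA lifetime in seconds
!
! Shared secret: must be identical on both ends (placeholder, not a real key)
crypto isakmp key <SHARED-SECRET-PLACEHOLDER> address 203.0.113.2
!
! ---- Phase 2: IPsec SAs carry the actual user traffic ----
! Transform set = crypto algorithms proposed for the IPsec SA
crypto ipsec transform-set TS-EXAMPLE esp-aes 256 esp-sha256-hmac
 mode tunnel
!
! "Defined networks": traffic matching this ACL is protected by the tunnel.
! The peer needs the mirror image (source and destination swapped).
ip access-list extended VPN-TRAFFIC
 permit ip 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255
!
! The crypto map ties peer, transform set, lifetime and networks together
crypto map CMAP-EXAMPLE 10 ipsec-isakmp
 set peer 203.0.113.2
 set transform-set TS-EXAMPLE
 set security-association lifetime seconds 3600   ! IPsec SA lifetime
 match address VPN-TRAFFIC
!
! Nothing is negotiated until the map is applied to the outside interface
interface GigabitEthernet0/0
 crypto map CMAP-EXAMPLE
!
! Verification once matching traffic has been sent:
!   show crypto isakmp sa   -> phase 1 (ISAKMP SA) state
!   show crypto ipsec sa    -> phase 2 (IPsec SA) state and packet counters
```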
10-01-2013 03:19 AM
Thank you, Michael. That was helpful.