Mystical IPSec

jaighobahi
Level 1

Greetings to All. I am studying for CCNP exams in R&S. I have just managed to get a VPN connection working after struggling with it for several days. Even so, the entire aspect of IPSec seems very mysterious. I am seeing terms like IKE, IPSec SA, ISAKMP SA, phase 1 and phase 2, negotiations, shared keys, digital certificate, nonces and all that. I just cannot put these terms together and form a complete picture. I reckon that I may have to veer into security. Here is where you can help me. Please, recommend good materials that I can use in order to gain a firm understanding of how the topics tie together.

When I say I got a VPN connection working, I mean I simulated it, not a production VPN connection.  Not sure I can repeat the process without going through the configurations all over again.  I wish to understand the relationships so that I would not need to memorize my configuration file.

Thanks for your contributions.   

2 Replies

Michael Muenz
Level 5

IKE = Protocol for exchanging keys and forming a VPN

IPSec SA = Established Tunnel (Phase 2)

ISAKMP SA = Established Phase 1 between peers (alg, sec negotiations)

Phase1 = IKE (shared secrets exchange, lifetime, crypto algs)

Phase2 = IPSEC SA (lifetime, crypto algs, defined networks)

Shared secret = Password that has to match on both ends

Certificate = for use instead of shared secret

You should start from the beginning .. just search around ipsec howto, it isn't that hard to learn.

Understanding EIGRP is much harder, which you'll have to do when you are studying for CCNP RS

Michael

Please rate all helpful posts


Thank you, Michael. That was helpful.
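
The terms from the glossary reply above, mapped onto one side of a Cisco IOS site-to-site configuration. This is an added example, not part of the original thread: the addresses (RFC 5737 documentation ranges), the names TS-EXAMPLE and CMAP-EXAMPLE, ACL 110, the interface and the key placeholder are all assumptions.

```cisco
! --- Phase 1: IKE negotiates the ISAKMP SA (the protected control channel) ---
crypto isakmp policy 10
 ! crypto algorithms both peers must agree on
 encryption aes 256
 hash sha256
 ! authenticate with a shared secret (use rsa-sig here for certificates)
 authentication pre-share
 ! Diffie-Hellman group used for the key exchange
 group 14
 ! ISAKMP SA lifetime in seconds
 lifetime 86400
!
! Shared secret: must match on both ends. Placeholder, not a real key.
crypto isakmp key <PRE_SHARED_KEY> address 203.0.113.2
!
! --- Phase 2: IKE negotiates the IPSec SAs (the data tunnel) ---
! crypto algorithms that protect the user traffic
crypto ipsec transform-set TS-EXAMPLE esp-aes 256 esp-sha256-hmac
 mode tunnel
!
! "Defined networks": the traffic that is sent through the tunnel.
! The peer needs the mirror image of this ACL.
access-list 110 permit ip 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255
!
! The crypto map ties peer, transform set and defined networks together
crypto map CMAP-EXAMPLE 10 ipsec-isakmp
 set peer 203.0.113.2
 set transform-set TS-EXAMPLE
 ! IPSec SA lifetime in seconds
 set security-association lifetime seconds 3600
 ! fresh Diffie-Hellman exchange for each phase 2 negotiation
 set pfs group14
 match address 110
!
! Apply to the outside interface (constructed name and address)
interface GigabitEthernet0/0
 ip address 203.0.113.1 255.255.255.0
 crypto map CMAP-EXAMPLE
!
! Nonces have no configuration line: IKE generates and exchanges them
! during negotiation to keep each exchange fresh.
!
! Verification from exec mode:
!   show crypto isakmp sa   -> phase 1 state (QM_IDLE when established)
!   show crypto ipsec sa    -> phase 2 SAs with encaps/decaps counters
```

If phase 1 comes up but the encaps/decaps counters stay at zero, compare the phase 2 items on both peers: the transform set and the mirrored ACL.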