Showing results for 
Search instead for 
Did you mean: 

vpn queries - cisco s2s vpn

Level 4
Level 4

Read more websites, and confused more.... Can anyone give clear picture on the below..

what is a session key ?

what is a shared secret key ?

how preshared keys are detected and authenticated by its ipsec peer ?

what is hash ?

in phase 1 and phase 2, how encryption actually works ?

2 Replies 2

Marcin Latosiewicz
Cisco Employee
Cisco Employee

Session key in cryptography is meant to describe a key which actually used in protection of a given transaction/set of transcations.

Shared secret key, I guess you are referring to IKE's Pre-shared key (PSK), it's a key mutually agreed between two parties. In IKE it is used to authenticate given peer.

PSK or RSA-SIG or RSA-ENC as the authentication mechanism as long as mechanisms used to protect later parts of exchange is "negotiated" in MM1/MM2 or AM1 and AM2.

Hash - is one was crypto function - read more

Phase 1 (from MM5) and Phase 2 exchanges are protected by whatever will be negotiated in MM1/MM2. Phase 2 esteblishes how actual traffic will be encrypted.

If you want to read about the encapsulation mechanism and math behind it, RFC(s) are your freiends.

Thanks Marcin,

Upon reading all Rfc, below are my understanding. plz correct if it is wrong.

session key = derived from DH using local pvt key & remote pub key. This session key used in phase 1 is to keep a secured isakmp channel for quick mode.

shared secret key = phase 1 preshared key, which again used as an input to hash algorightm and encrypted using des/3des and authenticates each peer using the hash value (which is never decrypted).

Encryption is available in phase1 and 2, but phase1 is used for negotiation and hash value exchanges..

phase 2 encryption used for actual encryption of the message.

Can you pls verify this...

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: