I have a few questions about VPN and maybe someone can help me understand a little better:
ISAKMP is phase 1 which builds the tunnel,matching endpoints correct?
IPSEC is phase 2 which encrypts the traffic after the tunnel has been built and is active, correct?
The router then will not even attemp to encrypt the data and send it across the tunnel, unless phase 1 is working, correct?
The crypto isakmp policy is phase 1,
and the transform set is phase 2, is this correct?
Does the encryption in the isakmp policy have to match the transform set at all (3des, sha)or can you have aes in phase1, 3des in phase2?
I guess I don't understand about how the transform set is made up and why it is made up the way it is with multiple components:
why does the crypto map refernece ipsec-isakmp (both of them)?
Since the crypto map applies an access-list to encrypt the data in the list, this is part of ipsec, phase 2, is this correct?