vpn tunnel

Unanswered Question
Aug 9th, 2007

Hi all, when people define phase 1 and phase 2 of IPsec, what does this mean? Also, why do you have different settings, i.e. AES, SHA1 etc., for ISAKMP and IPsec profiles? Why do you need this?

ross.bagurdes Thu, 08/09/2007 - 10:49

Phase 1 establishes a secure connection, so the random key for phase 2 can be passed. This secure connection is either based on the pre-shared key or a cert. The algorithms you choose are just to determine how to negotiate the session.

Phase 2 uses the secure key created and passed in phase one to create the tunnel to pass data.

You can specify a different encryption algorithm for your key exchange and data exchange.

IPsec can be pretty daunting to get into. There are a lot of docs out there both on the web and on Cisco's site. I'd recommend doing some research. I've found the learning curve to be steep.
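
Added example, not part of the original post: a minimal Cisco IOS site-to-site configuration showing where the two sets of algorithms from the question live, with the ISAKMP policy (phase 1) kept separate from the IPsec transform set (phase 2). The names TS-DATA and VPN-MAP, ACL 101, the interface, all addresses and the key are constructed placeholders.

```cisco
! Constructed example: names, ACL number, interface, addresses and key are placeholders.
!
! Phase 1 (ISAKMP/IKE): settings for the negotiation channel between the two peers.
! These algorithms protect the IKE exchange only, not user data.
crypto isakmp policy 10
 encr aes
 hash sha
 authentication pre-share
 group 14
 lifetime 86400
!
! Credential used to authenticate the peer in phase 1 (a certificate is the alternative).
crypto isakmp key <PRE-SHARED-KEY> address 192.0.2.2
!
! Phase 2 (IPsec): settings for the tunnel that carries the data traffic.
! This transform set is chosen independently of the ISAKMP policy above.
crypto ipsec transform-set TS-DATA esp-aes esp-sha-hmac
!
! Traffic that should be sent through the tunnel.
access-list 101 permit ip 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255
!
! The crypto map ties the peer, the phase 2 transform set and the traffic selector together.
crypto map VPN-MAP 10 ipsec-isakmp
 set peer 192.0.2.2
 set transform-set TS-DATA
 match address 101
!
interface GigabitEthernet0/0
 crypto map VPN-MAP
```

On a running device, `show crypto isakmp sa` lists the phase 1 association and `show crypto ipsec sa` lists the phase 2 associations, which makes the split visible.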

carl_townshend Fri, 08/10/2007 - 07:52

So are phase 1 and 2 both the initial connection to the device, or is my domain authentication phase 2? I am confused.


