ipsec vpn establishment

Unanswered Question
Sep 5th, 2007
User Badges:

hi all,

can any tell me how ipsec vpn is established.

i know that ipsec uses IKE for establishing SA.

what is requirement for SA.

what i know is that without SA there will be no vpn establish.

thanking you,


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)


The IKE SA and IPSec SA's are two different things. The IKE SA used between two peer to establish a secure channel (phase 1) in order to the phase2 could happen.

For IKE SA the authentication type (preshared or by certificate), the DH group and encryption must be identical. This configured like this:

crypto isakmp policy 1

hash md5

authentication pre-share

crypto isakmp key whatever address

Hope it helps, rate if does


bethamprashanth Sat, 09/08/2007 - 05:39
User Badges:

hi Krisztian,

thanks for responding! there few more questions.

what exactly phase1 and phase2 are?

what i know is

phase 1 is for IKE

phase 2 is for IPSEC.

what exactly happen in both phases.

as you said, if phase1 results in secure channel. then what phase 2 results in.

and what exactly happens in phase2.

and how i can verify them,

thatelse commands used for verify.

what portion in the output should be checked.

thanking you,



This Discussion