cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
384
Views
5
Helpful
4
Replies

ipsec vpn establishment

bethamprashanth
Level 1
Level 1

hi all,

can any tell me how ipsec vpn is established.

i know that ipsec uses IKE for establishing SA.

what is requirement for SA.

what i know is that without SA there will be no vpn establish.

thanking you,

prashanth.

4 Replies 4

lgijssel
Level 9
Level 9

kerek
Level 4
Level 4

Hi,

The IKE SA and IPSec SA's are two different things. The IKE SA used between two peer to establish a secure channel (phase 1) in order to the phase2 could happen.

For IKE SA the authentication type (preshared or by certificate), the DH group and encryption must be identical. This configured like this:

crypto isakmp policy 1

hash md5

authentication pre-share

crypto isakmp key whatever address 10.0.0.1

Hope it helps, rate if does

Krisztian

hi Krisztian,

thanks for responding! there few more questions.

what exactly phase1 and phase2 are?

what i know is

phase 1 is for IKE

phase 2 is for IPSEC.

what exactly happen in both phases.

as you said, if phase1 results in secure channel. then what phase 2 results in.

and what exactly happens in phase2.

and how i can verify them,

thatelse commands used for verify.

what portion in the output should be checked.

thanking you,

prashanth.

Prashanth,

The below URL should answer most of your questions.

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_tech_note09186a0080094203.shtml

I hope it helps.

Regards,

Arul

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: