09-05-2007 04:46 AM
hi all,
can any tell me how ipsec vpn is established.
i know that ipsec uses IKE for establishing SA.
what is requirement for SA.
what i know is that without SA there will be no vpn establish.
thanking you,
prashanth.
09-05-2007 04:57 AM
Please check the pages under:
http://www.cisco.com/en/US/tech/tk583/tk372/tsd_technology_support_protocol_home.html
regards,
Leo
09-05-2007 05:54 AM
Hi,
The IKE SA and IPSec SA's are two different things. The IKE SA used between two peer to establish a secure channel (phase 1) in order to the phase2 could happen.
For IKE SA the authentication type (preshared or by certificate), the DH group and encryption must be identical. This configured like this:
crypto isakmp policy 1
hash md5
authentication pre-share
crypto isakmp key whatever address 10.0.0.1
Hope it helps, rate if does
Krisztian
09-08-2007 05:39 AM
hi Krisztian,
thanks for responding! there few more questions.
what exactly phase1 and phase2 are?
what i know is
phase 1 is for IKE
phase 2 is for IPSEC.
what exactly happen in both phases.
as you said, if phase1 results in secure channel. then what phase 2 results in.
and what exactly happens in phase2.
and how i can verify them,
thatelse commands used for verify.
what portion in the output should be checked.
thanking you,
prashanth.
09-22-2007 05:57 PM
Prashanth,
The below URL should answer most of your questions.
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_tech_note09186a0080094203.shtml
I hope it helps.
Regards,
Arul
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: