Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Attention: The Community will be in read-only mode on 12/14/2017 from 12:00 am pacific to 11:30 am.

During this time you will only be able to see content. Other interactions such as posting, replying to questions, or marking content as helpful will be disabled for few hours.

We apologize for the inconvenience while we perform important updates to the Community.

New Member

vpn tunnel

Hi all, when people define phase 1 and phase 2 of ipsec, what does this mean, also , why do you have different settings i.e aes,sha1 etc for isakmp and ipsec profiles, why do you need this ?

New Member

Re: vpn tunnel

Phase 1 establishes a secure connection, so the random key for phase 2 can be passed. This secure connection is either based on the pre-shared key or a cert. The algorithms you choose are just to determine how to negotiate the session.

Phase 2 uses the secure key created and passed in phase one to create the tunnel to pass data.

You can specify a different encryption algorythm for your key exchange and data exchange.

IPsec, can be pretty daunting to get into. There is a lot of doc's out there both on the web and on cisco's site. I'd recommend doing some research. I've found the learning curve to be steep.

New Member

Re: vpn tunnel

so is phase 1 and 2 both the intial connection to the device, or is my domain authenication phase 2? i am confused


CreatePlease to create content