Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
686
Views
5
Helpful
2
Replies

isakmp phases? list?

m.matteson
Level 2
Level 2

‎06-05-2003 06:43 PM - edited ‎03-02-2019 07:55 AM

could someone list for me what occurs at each phase of isakmp and ipsec? ex. phase 1, phase 2. just curios. read something about it before. thanks!

Labels:
0 Helpful
2 Replies 2

mnaveen
Level 1
Level 1

‎06-05-2003 08:05 PM

Hi,

As you are aware VPN connections goes on in 2 phases. Phase-1 for ISAKMP negotiations and Phase-2 IPSec negotiations. Phase-1 can go in either Main-mode and aggressive mode. The main difference b/n the two is that aggressive mode combines many messages into one and thereby reduces the time to create a VPN tunnel. IKE Phase-1 has only one mode, namely, Quick mode, which occurs after IKE has established the secure tunnel in Phase-1.

Phase-1

------------

Basic purpose is to authenticate the IPSec peers and to set up a secure channel between the peers to enable IKE exchanges. Performs the following.

1. Negotiates a matching IKE SA polocy between peers.

2. Performs an authenticated DH key exchange.

3. Authenticates and protects the identities.

4. Set up a secure tunnel to negotiate IKE Phase-2 parameters.

Phase-2

------------

Basic purpose is to negotiate IPSec SAs to set up the IPSec tunnel. Phase-2 performs the following functions.

1. Negotiates IPSec SA parameters protected by an existing IKE SA

2. Establishes IPSec SAs

3. Periodically renegotiates IPSec SAs to ensure security.

4. Optionally performs an additional DH exchange.

If you have any particular issue, get back to me.

Have a nice day !

Naveen

mnaveen@cisco.com

m.matteson
Level 2
Level 2
In response to mnaveen

‎06-06-2003 02:54 AM

thanks Naveen, that was a great explaination. Are there more then two phases? Also do you know of any good articles around that would explain what SAs are and any other thing I should probably know? Again thanks, that helped my curiosity :) Unfortunatly the more I learn the more I want to know. HAHA!

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents