IKE Phase 1 and IKE Phase 2 are doing 2 separate things.
Phase 2 is concerned with setting up tunnels for the exchange of the actual data. The encryption algorithm as well as the hash eg. md5/sha are used to actually encrypt the data that is sent between peers. But to be able to do this the 2 peers need to have exchanged a key to use to encrypt and decrypt the actual data.
Problem is how do you securely exchange the key that IKE Phase 2 needs to encrypt/decrypt the data. You can't just send it in clear text as this key provides the security for the data.
So you need to setup a secure connection between the 2 VPN peers so that you can send the key needed by Phase 2 but keep that exchange secure. This is what IKE Phase 1 does. It setups a secure connection to then exchange a key to be used for Phase 2.
So you can use a different encryption and hash algorithm as the 2 phases are separate. It's common to use the same for both phases but you don't have to.
This is actually a pretty cool feature, i didn't even know it existed until I was looking for a solution to advertise a subnet (prefix in BGP talk), only if a certain condition existed. This is exactly what conditional advertisements does
j ai une question j ai achete un routeur cisco 887VA-k9 , je le configuré avec la configuration ci- dessous
si je le lier avec mon pc portable sur l un de ses ports directement ça marche toute est bien ( la connexion internet + m...
Attached policy provides CLI access to the Cisco 4G router over text messaging. Two files are in the attached .tar file:
2. PDF with instructions on how to load and use the .tcl file.