Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Webcast-Catalyst9k
New Member

ipsec vpn establishment

hi all,

can any tell me how ipsec vpn is established.

i know that ipsec uses IKE for establishing SA.

what is requirement for SA.

what i know is that without SA there will be no vpn establish.

thanking you,

prashanth.

4 REPLIES

Re: ipsec vpn establishment

Silver

Re: ipsec vpn establishment

Hi,

The IKE SA and IPSec SA's are two different things. The IKE SA used between two peer to establish a secure channel (phase 1) in order to the phase2 could happen.

For IKE SA the authentication type (preshared or by certificate), the DH group and encryption must be identical. This configured like this:

crypto isakmp policy 1

hash md5

authentication pre-share

crypto isakmp key whatever address 10.0.0.1

Hope it helps, rate if does

Krisztian

New Member

Re: ipsec vpn establishment

hi Krisztian,

thanks for responding! there few more questions.

what exactly phase1 and phase2 are?

what i know is

phase 1 is for IKE

phase 2 is for IPSEC.

what exactly happen in both phases.

as you said, if phase1 results in secure channel. then what phase 2 results in.

and what exactly happens in phase2.

and how i can verify them,

thatelse commands used for verify.

what portion in the output should be checked.

thanking you,

prashanth.

Cisco Employee

Re: ipsec vpn establishment

Prashanth,

The below URL should answer most of your questions.

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_tech_note09186a0080094203.shtml

I hope it helps.

Regards,

Arul

189
Views
5
Helpful
4
Replies
CreatePlease to create content