Cisco Support Community

Mystical IPSec

Greetings to All.  I am studying for CCNP exams in R&S.  I have just managed to get a VPN connection working after struggling with it for several days.  Even so, the entire aspect of IPSec seems very mysterious.  I am seeing terms like IKE, IPSec SA, ISAKMP SA, phase 1 and phase 2, negotiations, shared keys, digital certificate, nonces and all that.   I just cannot put these terms together and form a complete picture.  I reckon that I may have to veer into security.  Here is where you can help me.  Please, recommend good materials that I can use in order to gain a firm understanding of how the topics tie together. 

When I say I got a VPN connection working, I mean I simulated it, not a production VPN connection.  Not sure I can repeat the process without going through the configurations all over again.  I wish to understand the relationships so that I would not need to memorize my configuration file.

Thanks for your contributions.   


Mystical IPSec

IKE = Protocol for exchanging keys and forming a VPN

IPSec SA = Established Tunnel (Phase 2)

ISAKMP SA = Established Phase 1 between peers (alg, sec negotiations)

Phase1 = IKE (shared secrets exchange, lifetime, crypto algs)

Phase2 = IPSEC SA (lifetime, crypto algs, defined networks)

Shared secret = Password that has to match on both ends

Certificate = for use instead of shared secret

You should start from the beginning .. just search around ipsec howto, it isn't that hard to learn.

Understanding EIGRP is much harder, which you'll have to do when you are studying for CCNP RS.


Michael
Please rate all helpful posts
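To show how the terms in the reply above map onto an actual router configuration, here is an added Cisco IOS site-to-site IPsec example. It is not from the original thread or from Cisco documentation; the addresses (RFC 5737 documentation ranges), names (VPN-MAP, TS-AES-SHA, VPN-TRAFFIC) and the pre-shared key are constructed placeholders. Each block is commented with the Phase 1 / Phase 2 concept it implements, so the relationship between the terms is visible rather than memorized.

```cisco
! ---- Phase 1: the ISAKMP/IKE policy (negotiates the ISAKMP SA) ----
! Both peers must agree on these: encryption, hash, authentication
! method, DH group and Phase 1 lifetime.
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
 lifetime 86400
!
! ---- Shared secret: must be identical on both ends ----
! Placeholder key; in practice use a long random value, and prefer
! certificates (authentication rsa-sig) when a PKI is available.
crypto isakmp key EXAMPLE-PSK-CHANGE-ME address 198.51.100.2
!
! ---- Phase 2: transform set = algorithms for the IPsec SA ----
crypto ipsec transform-set TS-AES-SHA esp-aes 256 esp-sha256-hmac
 mode tunnel
!
! ---- Phase 2: "defined networks" = the interesting traffic ----
! Constructed LANs: 10.1.1.0/24 behind this router, 10.2.2.0/24 behind the peer.
! The peer's ACL must be the mirror image (source and destination swapped).
ip access-list extended VPN-TRAFFIC
 permit ip 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255
!
! ---- Crypto map: ties peer, transform set, PFS, lifetime and ACL together ----
crypto map VPN-MAP 10 ipsec-isakmp
 set peer 198.51.100.2
 set transform-set TS-AES-SHA
 set pfs group14
 set security-association lifetime seconds 3600
 match address VPN-TRAFFIC
!
! ---- Apply the crypto map to the outside interface ----
interface GigabitEthernet0/0
 ip address 198.51.100.1 255.255.255.252
 crypto map VPN-MAP
```

On the peer router the same configuration is repeated with the addresses and the ACL mirrored (peer 198.51.100.1, permit 10.2.2.0/24 to 10.1.1.0/24). After sending traffic that matches VPN-TRAFFIC, `show crypto isakmp sa` lists the Phase 1 (ISAKMP) SA and `show crypto ipsec sa` lists the Phase 2 (IPsec) SAs with their encapsulated/decapsulated packet counters, which is the quickest way to see which phase a broken tunnel is failing in.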
Mystical IPSec

Thank you, Michael. That was helpful.