[
Contents]
[
Prev]
[
Next]
[
Index]
[
Report an Error]
Understanding IKE and IPsec Packets
An IPsec VPN tunnel consists of two major elements:
-
Tunnel Setup—The peers first
establish security associations (SAs), which define the parameters
for securing traffic between themselves. The admins at each end can
define the SAs manually, or they can configure the endpoints to define
SAs dynamically through IKE Phase 1 and Phase 2 negotiations.
Phase 1 can occur in either Main mode or Aggressive mode. Phase 2
always occurs in Quick mode.
-
Applied Security—IPsec protects traffic
sent between the two tunnel endpoints by using the security parameters
defined in the SAs that the peers agree to during the tunnel setup.
IPsec can be applied in either Transport mode or Tunnel mode. Both
modes support the Encapsulating Security Payload (ESP) and Authentication
Header (AH) protocols.
Before You Begin
|
For background information, read
|
This topic covers:
[
Contents]
[
Prev]
[
Next]
[
Index]
[
Report an Error]