IPSec involves many component technologies and encryption methods, but its operation can be broken into five main phases:
Interesting traffic initiates the IPSec process— Traffic is deemed interesting when the IPSec security policy configured in the IPSec peers starts the IKE process. This is normally traffic that meets a special configured access list in the same way that dial traffic meets a dial access list to initiate a dial-on-demand routing (DDR) connection.
IKE phase 1— IKE authenticates IPSec peers and negotiates IKE SAs during this phase, setting up a secure channel for negotiating IPSec SAs in phase 2.
IKE phase 2— IKE negotiates IPSec SA parameters and sets up matching IPSec SAs in the peers.
Data transfer— Data is ...