O'Reilly logo

CCIE Practical Studies: Security (CCIE Self-Study) by Raymond Morrow, Andrew G. Mason, Dmitry Bokotey

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

IPSec Operation

IPSec involves many component technologies and encryption methods, but its operation can be broken into five main phases:

  1. Interesting traffic initiates the IPSec process— Traffic is deemed interesting when the IPSec security policy configured in the IPSec peers starts the IKE process. This is normally traffic that meets a special configured access list in the same way that dial traffic meets a dial access list to initiate a dial-on-demand routing (DDR) connection.

  2. IKE phase 1— IKE authenticates IPSec peers and negotiates IKE SAs during this phase, setting up a secure channel for negotiating IPSec SAs in phase 2.

  3. IKE phase 2— IKE negotiates IPSec SA parameters and sets up matching IPSec SAs in the peers.

  4. Data transfer— Data is ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required