Summary of the IPsec Story

In summary, the VPN peers/gateways negotiate the IKE Phase 1 tunnel using aggressive or main mode, and then use Quick mode to establish the IKE Phase 2 tunnel. They use the IKE Phase 2 tunnel to encrypt and decrypt user packets. Behind the scenes, the IKE Phase 2 tunnel really creates two one-way tunnels: one from R1 to R2 and one from R2 to R1. The end user does not see the process in any detail, and end users do not know the encryption is even being applied to their packets. So, we could say we have one IKE Phase 1 bidirectional tunnel used for management between the two VPN peers and two IKE Phase 2 unidirectional tunnels used for encrypting and decrypting end-user packets. These tunnels are often referred to as ...
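The two one-way Phase 2 tunnels described above can be modeled in a few lines. This is an added example, not code from the book, and it goes beyond the text by showing why each direction gets its own key: under RFC 2409 (IKEv1, no PFS) the keying material is derived from the SPI chosen by the receiving peer. The function names, sample SPIs, nonces and the SKEYID_d value are constructed for illustration, and HMAC-SHA1 is assumed as the negotiated prf.

```python
import hashlib
import hmac
from dataclasses import dataclass

PROTO_IPSEC_ESP = 3  # protocol ID for ESP in the IPsec DOI


@dataclass(frozen=True)
class IpsecSA:
    src: str    # peer that sends packets protected by this SA
    dst: str    # peer that receives them; the receiver chose the SPI
    spi: int
    key: bytes


def keymat(skeyid_d: bytes, spi: int, ni: bytes, nr: bytes) -> bytes:
    # RFC 2409 section 5.5, no PFS: KEYMAT = prf(SKEYID_d, protocol | SPI | Ni_b | Nr_b)
    data = bytes([PROTO_IPSEC_ESP]) + spi.to_bytes(4, "big") + ni + nr
    return hmac.new(skeyid_d, data, hashlib.sha1).digest()


def quick_mode(skeyid_d, initiator, responder, spi_i, spi_r, ni, nr):
    """One Quick mode exchange yields two one-way SAs, each keyed by the receiver's SPI."""
    i_to_r = IpsecSA(initiator, responder, spi_r, keymat(skeyid_d, spi_r, ni, nr))
    r_to_i = IpsecSA(responder, initiator, spi_i, keymat(skeyid_d, spi_i, ni, nr))
    return i_to_r, r_to_i


def sad_for(peer, sas):
    """A peer's view of its SA database: outbound by destination, inbound by SPI."""
    outbound = {sa.dst: sa for sa in sas if sa.src == peer}
    inbound = {sa.spi: sa for sa in sas if sa.dst == peer}
    return outbound, inbound


# Constructed sample values (not from a real negotiation). SKEYID_d stands in
# for the secret the Phase 1 tunnel would have produced.
SKEYID_D = bytes.fromhex("00112233445566778899aabbccddeeff00112233")
NI, NR = b"initiator-nonce-", b"responder-nonce-"
SAS = quick_mode(SKEYID_D, "R1", "R2", spi_i=0x1A2B3C4D, spi_r=0x5E6F7081, ni=NI, nr=NR)

if __name__ == "__main__":
    for peer in ("R1", "R2"):
        out, inn = sad_for(peer, SAS)
        for sa in out.values():
            print(f"{peer} outbound -> {sa.dst} spi=0x{sa.spi:08x} key={sa.key.hex()[:16]}...")
        for sa in inn.values():
            print(f"{peer} inbound  <- {sa.src} spi=0x{sa.spi:08x} key={sa.key.hex()[:16]}...")
```

R1's outbound SA and R2's inbound SA are the same entry, and the reverse direction is a separate entry with a different SPI and key.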
