Step 1:- Negotiate the IKE Phase 1 Tunnel (ISAKMP Tunnel).
Peers first negotiate over the public (shared) network using IKE Phase 1.
Also known as the ISAKMP Tunnel.
Protects only management traffic related to the IPSec VPN. (No user data is transferred over this tunnel.)
Negotiates 5 parameters –
"H A G L E"
Hashing Algorithm - Integrity - MD5, SHA
Authentication - Verification of Peer - Pre-Shared Key (PSK), RSA Signature
DH Group - Secret Key Exchange - DH1, 2, 5, 14, etc.
Lifetime - Duration of Tunnel - Default 1 Day = 86400 Seconds
Encryption - Confidentiality - DES, 3DES, AES (key size)
Step 2:- DH Key Exchange.
After the IKE Phase 1 negotiation, DH (Diffie-Hellman) keys are exchanged between the peers.
This allows the peers to establish, over the public network, a shared secret key that is used by the encryption algorithm (DES, 3DES).
It is defined in the IKE Phase 1 configuration.
Step 3:- Peer Authentication.
Now the peers authenticate each other.
The verification, i.e. authentication, is done using either:
Pre-Shared Key (PSK)
RSA Digital Signature
Step 4:- Negotiate the IKE Phase 2 Tunnel (IPSEC Tunnel).
IKE Phase 2 is formed only once IKE Phase 1 has been formed successfully.
This is also known as the IPSec Tunnel.
This negotiation is not done over the public network. It is done over the already established, secure IKE Phase 1 tunnel, so it is a completely private tunnel.
Here the users' traffic is protected.
Once the IKE Phase 2 tunnel is formed, user traffic travels through it.
Tip:-
In IKE Phase 1 Configuration – We define Policy
In IKE Phase 2 Configuration – We define Transform Set (Encryption – Hashing)
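The Phase 1 policy from Step 1 can be checked mechanically. The following is an added example, not code from the original post: it parses Phase 1 policies and reports weak HAGLE choices. It assumes Cisco IOS-style `crypto isakmp policy` syntax (the page names no platform), the sample config is constructed, and the set of values treated as weak is an assumption based on common deprecation guidance.

```python
import re

# Assumption (not from the page): values commonly deprecated for IKE.
WEAK = {"hash": {"md5"}, "encryption": {"des", "3des"}, "group": {"1", "2", "5"}}
DEFAULT_LIFETIME = 86400  # Phase 1 default lifetime stated on the page

# Constructed sample config; Cisco IOS-style syntax is assumed.
SAMPLE = """\
crypto isakmp policy 10
 encryption des
 hash md5
 authentication pre-share
 group 2
crypto isakmp policy 20
 encryption aes 256
 hash sha
 authentication rsa-sig
 group 14
 lifetime 3600
"""

def parse_policies(text):
    """Return {priority: {parameter: value}} for each Phase 1 policy block."""
    policies, current = {}, None
    for line in text.splitlines():
        head = re.match(r"crypto isakmp policy (\d+)\s*$", line)
        if head:
            current = policies.setdefault(int(head.group(1)),
                                          {"lifetime": DEFAULT_LIFETIME})
        elif current is not None and line.startswith(" ") and len(line.split()) > 1:
            key, *args = line.split()
            key = {"encr": "encryption"}.get(key, key)  # running-config short form
            current[key] = int(args[0]) if key == "lifetime" else " ".join(args)
        else:
            current = None  # left the policy block
    return policies

def audit(policies):
    """Return (priority, parameter, value) for every weak setting found."""
    findings = []
    for prio, params in sorted(policies.items()):
        for key, weak_values in WEAK.items():
            value = params.get(key, "")
            if value.split(" ")[0] in weak_values:
                findings.append((prio, key, value))
    return findings

if __name__ == "__main__":
    for prio, key, value in audit(parse_policies(SAMPLE)):
        print(f"policy {prio}: weak {key} '{value}'")
```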
Thanks for Reading !!!!!