LAN To LAN VPN Using Crypto Maps Part3

Data Encryption Tunnel

Once the keys are generated and exchanged, you are ready for the Data Tunnel. The first tunnel now goes into IDLE state. A new tunnel needs to be set up for the Data Tunnel. This tunnel also requires the 3 parameters [Key, Encryption, Hash]. The key used for this tunnel is the dynamically generated key that was exchanged in the first tunnel. You need to define the Encryption and Hash parameters for this tunnel as well. The protocol used for this tunnel is ESP [IP Protocol 50].

[Figure: IPSec Tunnels. R1 and R2 each hold the DH session key; Key = SK1 on both routers.]

IPSec LAN-To-LAN Tunnels

- Policy Based tunnels are tunnels that are configured by specifying the interesting traffic [traffic that needs to be encrypted] by using a Policy [ACL].
- If the traffic matches the Policy [ACL], it is encapsulated within the ESP header. The outer header will have the public IP addresses of the tunnel endpoints.
- The drawback is that every time a new network is added, the ACL needs to be modified on both ends.
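The data tunnel and policy described above, as an added Cisco IOS configuration sketch for both endpoints; it is not taken from the original document. All addresses, names (TSET, VPN-TRAFFIC, CMAP), the interface and the AES-256/SHA choice are assumptions, and the first tunnel (ISAKMP policy and key) is assumed to be configured already.

```cisco
! Constructed example. R1: public 192.0.2.1, LAN 10.1.1.0/24
!                      R2: public 198.51.100.1, LAN 10.2.2.0/24
!
! ================= R1 =================
! Encryption and Hash for the data tunnel (ESP, IP protocol 50)
crypto ipsec transform-set TSET esp-aes 256 esp-sha-hmac
 mode tunnel
!
! Policy [ACL]: interesting traffic from the R1 LAN to the R2 LAN
ip access-list extended VPN-TRAFFIC
 permit ip 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255
!
! Crypto map binds the peer, the transform set and the policy
crypto map CMAP 10 ipsec-isakmp
 set peer 198.51.100.1
 set transform-set TSET
 match address VPN-TRAFFIC
!
! Apply on the public-facing interface (outer header uses its address)
interface GigabitEthernet0/0
 crypto map CMAP
!
! ================= R2 =================
! Same Encryption and Hash as R1, otherwise the data tunnel will not form
crypto ipsec transform-set TSET esp-aes 256 esp-sha-hmac
 mode tunnel
!
! Policy [ACL]: exact mirror of R1 (source and destination swapped)
ip access-list extended VPN-TRAFFIC
 permit ip 10.2.2.0 0.0.0.255 10.1.1.0 0.0.0.255
!
crypto map CMAP 10 ipsec-isakmp
 set peer 192.0.2.1
 set transform-set TSET
 match address VPN-TRAFFIC
!
interface GigabitEthernet0/0
 crypto map CMAP
```

Adding a second network behind R1 means one more `permit` line in VPN-TRAFFIC on R1 and its mirrored line on R2, which is the maintenance drawback noted above.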
