Professional Documents
Culture Documents
Internet Protocol Security (IPsec)
Internet Protocol Security (IPsec)
2. IKE Version 2
In IKE phase 1, two peers will negotiate about the encryption, authentication,
hashing and the other protocols that they want to use some other parameter that
are required. In the phase, an ISAKMP (internet security Association and key
Management Protocol) session established . This is also called the ISAKMP tunnel
or IKE phase 1 tunnel .
The collection of parameter that the two devices will use is called SA (security
Association)
The IKE phase 1 tunnels is only used for management traffic . We use this tunnel
as secure method to established the second tunnel called IKE Phase 2 tunnel or
IPSEC Tunnel and for the management traffic like keepalives.
💡 AH and ESP both offer authentication and integrity but only ESP
supports encryption. Because of this, ESP is the most popular choice
nowadays.
Tunnel Mode
The main difference of between the two is that with the transport mode we will
use the original IP Header wile in Tunnel mode , we use new IP Header :
IKE phase 2: within the IKE phase 1 tunnel, we build the IKE phase 2 tunnel
(IPsec tunnel).
Data transfer: we protect user data by sending it through the IKE phase 2
tunnel.