Creating a Site-to-Site IPsec VPN

There are five generic steps in the lifecycle of any IPsec VPN. The steps described here are applied specifically to site-to-site VPNs, but they hold whenever any two endpoints wish to establish an IPsec VPN between them. The five steps in the life of an IPsec VPN are as follows:

Step 1 Specify interesting traffic.

Step 2 IKE phase 1.

Step 3 IKE phase 2.

Step 4 Secure data transfer.

Step 5 IPsec tunnel termination.

Each of these steps is detailed in the following sections. Some of these steps should be familiar from Chapter 12, "IPsec Overview," where IKE was a primary ingredient. In this chapter, IKE is moved from the explanation to the implementation.
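As an added example (not from the chapter), here are the five steps mapped onto one side of a site-to-site configuration, assuming Cisco IOS as the platform; the addresses, ACL number, policy and map names, and the pre-shared key placeholder are constructed for illustration.

```text
! Step 1: interesting traffic. Only packets matching this ACL trigger IKE
! negotiation and are protected; everything else leaves the router in the clear.
access-list 101 permit ip 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255

! Step 2: IKE phase 1 (ISAKMP policy). Authenticates the two peers and builds
! the bidirectional IKE SA that protects the phase 2 negotiation.
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
 lifetime 86400
crypto isakmp key PSK_PLACEHOLDER address 203.0.113.2

! Step 3: IKE phase 2 (IPsec SAs). The transform set names the confidentiality
! (ESP-AES) and integrity (ESP-SHA256-HMAC) algorithms; ESP in tunnel mode.
crypto ipsec transform-set AES-SHA esp-aes 256 esp-sha256-hmac
 mode tunnel
crypto map SITE2SITE 10 ipsec-isakmp
 set peer 203.0.113.2
 set transform-set AES-SHA
 set pfs group14
 match address 101

! Step 4: secure data transfer starts once the crypto map is bound to the
! outside interface; matching traffic is encapsulated in ESP toward the peer.
interface GigabitEthernet0/0
 ip address 203.0.113.1 255.255.255.252
 crypto map SITE2SITE

! Step 5: tunnel termination. The IPsec SAs are torn down when their lifetime
! expires (renegotiated first if traffic is still flowing) or when cleared.
crypto ipsec security-association lifetime seconds 3600

! Checks: "show crypto isakmp sa" should list the peer in state QM_IDLE after
! step 2; "show crypto ipsec sa" should show #pkts encaps/decaps rising in step 4.
```

The peer router needs the mirror-image configuration: its ACL names the same two networks with source and destination swapped, and it sets this router's address (203.0.113.1) as its peer and ISAKMP key address.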

The name "VPN tunnel" is something of a misnomer. There is no tunnel that the packets are locked inside of as they transit the Internet (or any other insecure network). All the IPsec VPN packets are subject to interception and capture at any point during their travels. Data integrity ensures that the data was not modified during any unscheduled stop, while data confidentiality guarantees that the contents of the packets cannot be deciphered by any unwanted inspectors.

