The goal of IPSec is to protect the desired data with the needed security services. IPSec operation can be broken down into five primary steps:
■ Interesting traffic: Traffic is deemed interesting when the VPN device recognizes that the traffic you want to send needs to be protected.
■ IKE Phase 1: A basic set of security services is negotiated and agreed upon between peers. These security services protect all subsequent communications between the peers. IKE Phase 1 sets up a secure communication channel between peers.
■ IKE Phase 2: IKE negotiates IPSec SA parameters and sets up matching IPSec SAs in the peers. These security parameters are used to protect data and messages that are exchanged between endpoints.
■ Data transfer: Data is transferred between IPSec peers based on the IPSec parameters and keys that are stored in the SA database.
■ IPSec tunnel termination: IPSec SAs terminate through deletion or by timing out.
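The five steps above map onto a Cisco IOS IKEv1/IPSec site-to-site configuration, shown here as an added example that is not part of the original document. The interface name, addresses and ACL number are constructed; the pre-shared key is a placeholder to be replaced with a strong, site-specific secret.

```cisco
! Step 1 - Interesting traffic: the crypto ACL defines which packets
! must be protected (constructed private subnets on each side).
access-list 110 permit ip 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255

! Step 2 - IKE Phase 1: policy negotiated with the peer to build the
! protected ISAKMP channel (AES-256, SHA-256, DH group 14, 24h lifetime).
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
 lifetime 86400
crypto isakmp key REPLACE_WITH_STRONG_PSK address 203.0.113.2

! Step 3 - IKE Phase 2: the transform set is the IPSec SA proposal
! (ESP with AES-256 and SHA-256 HMAC) negotiated over the Phase 1 channel.
crypto ipsec transform-set TS-AES256-SHA256 esp-aes 256 esp-sha256-hmac
 mode tunnel

! Step 5 - Termination: IPSec SAs expire and are renegotiated after
! one hour, so compromised keying material has a bounded lifetime.
crypto ipsec security-association lifetime seconds 3600

! Crypto map ties the peer, the transform set and the interesting-traffic
! ACL together; applying it to the outside interface enables Step 4 (data
! transfer) for matching packets.
crypto map CMAP-SITE-B 10 ipsec-isakmp
 set peer 203.0.113.2
 set transform-set TS-AES256-SHA256
 match address 110

interface GigabitEthernet0/0
 ip address 203.0.113.1 255.255.255.252
 crypto map CMAP-SITE-B

! Verification: Phase 1 state should read QM_IDLE, and the IPSec SA
! counters should show encaps/decaps increasing while traffic flows.
! show crypto isakmp sa
! show crypto ipsec sa
```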
© 2005 Cisco Systems,