Tunnel terminated: The tunnel is torn down.

The goal of IPSec is to protect the selected traffic with the required security services. IPSec operation can be broken down into five primary steps:

■ Interesting traffic: Traffic is deemed interesting when the VPN device matches it against its crypto policy (on Cisco devices, the crypto ACL referenced by a crypto map) and determines that it must be protected. If no IPSec SA exists for that traffic yet, the match triggers the IKE negotiation that follows.

■ IKE Phase 1: A basic set of security services (encryption and hash algorithms, authentication method, Diffie-Hellman group and lifetime) is negotiated and agreed upon between the peers, which also authenticate each other. These services protect all subsequent communications between the peers. IKE Phase 1 sets up the IKE SA, a secure channel over which the Phase 2 negotiation runs.

■ IKE Phase 2: IKE negotiates the IPSec SA parameters (transform set, mode, lifetimes, and the SPI that identifies each SA) and sets up matching IPSec SAs in the peers. Because IPSec SAs are unidirectional, each negotiation creates a pair, one inbound and one outbound. These security parameters are used to protect the data and messages exchanged between the endpoints.

■ Data transfer: Data is transferred between IPSec peers based on the IPSec parameters and keys stored in the SA database (SADB).

■ IPSec tunnel termination: IPSec SAs terminate through explicit deletion or by timing out. A lifetime is expressed in seconds, in kilobytes of traffic, or both; whichever limit is reached first expires the SA, and new interesting traffic then triggers a fresh Phase 2 negotiation (and a new Phase 1 if the IKE SA has expired too).
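The five steps as one runnable toy in Python, added here as an illustration and not taken from the Cisco text. Everything in it is assumed for the example: the crypto ACL, the pre-shared key, the policy names, a deliberately tiny Diffie-Hellman group, a simplified IKEv1-style key derivation (no cookies), HMAC-SHA256 standing in for the ESP integrity check, and no real encryption, since the Python standard library has no AES. What it shows that the list alone does not is the SA pair with distinct SPIs and keys, the sequence number and replay check on every packet, and an SA that expires on its kilobyte lifetime and is removed from the SA database.

```python
"""Toy walk-through of the five IPsec steps above.  Added illustration, not
Cisco code: the crypto ACL, peers, policy names, the tiny DH group and the
SA database layout are constructed.  Integrity is HMAC-SHA256 from the
stdlib and there is no real ESP encryption, so this models the SA
lifecycle, not the wire format."""
import hashlib
import hmac
import ipaddress
import secrets

# Step 1: interesting traffic.  On Cisco gear a crypto ACL names the flows a
# crypto map must protect; this constructed ACL covers one site pair.
CRYPTO_ACL = [("10.1.1.0/24", "10.2.2.0/24")]

def is_interesting(src: str, dst: str, acl=CRYPTO_ACL) -> bool:
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(s in ipaddress.ip_network(a) and d in ipaddress.ip_network(b)
               for a, b in acl)

def prf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

# Step 2: IKE Phase 1.  Peers agree on a policy, run Diffie-Hellman and
# authenticate with a pre-shared key.  The group p = 2**127 - 1, g = 3 is a
# TOY, far too small for real use; it only keeps the arithmetic readable.
P, G = 2**127 - 1, 3
PHASE1_POLICY = {"encr": "aes-256", "hash": "sha256", "auth": "psk", "lifetime_s": 86400}

def ike_phase1(psk: bytes, policy=PHASE1_POLICY) -> dict:
    """Both peers' halves of Phase 1 in one place; returns the IKE SA state."""
    xi, xr = secrets.randbelow(P - 2) + 1, secrets.randbelow(P - 2) + 1  # private exponents
    gxi, gxr = pow(G, xi, P), pow(G, xr, P)                    # public values exchanged
    ni, nr = secrets.token_bytes(16), secrets.token_bytes(16)  # nonces exchanged
    gxy = pow(gxr, xi, P)                                      # initiator's shared secret
    assert gxy == pow(gxi, xr, P)                              # responder derives the same one
    skeyid = prf(psk, ni + nr)                                 # IKEv1 PSK: SKEYID = prf(psk, Ni|Nr)
    skeyid_d = prf(skeyid, gxy.to_bytes(16, "big") + b"\x00")  # simplified; feeds Phase 2 keys
    return {"policy": policy, "skeyid_d": skeyid_d, "ni": ni, "nr": nr}

# Step 3: IKE Phase 2 (quick mode).  Yields a PAIR of unidirectional IPsec
# SAs, each with its own SPI and keys, plus the negotiated lifetimes.
class IPsecSA:
    def __init__(self, spi: int, key: bytes, lifetime_s: int, lifetime_kb: int):
        self.spi, self.key = spi, key
        self.lifetime_s, self.lifetime_kb = lifetime_s, lifetime_kb
        self.seq = self.bytes = self.age_s = 0   # ESP sequence no., bytes sent, age in seconds

    def expired(self) -> bool:
        return self.age_s >= self.lifetime_s or self.bytes >= self.lifetime_kb * 1024

def ike_phase2(p1: dict, lifetime_s: int = 3600, lifetime_kb: int = 4608000) -> dict:
    """Defaults are the Cisco IOS IPsec SA lifetimes (3600 s / 4,608,000 KB)."""
    sadb = {}
    for direction in ("outbound", "inbound"):
        spi = int.from_bytes(secrets.token_bytes(4), "big") | 0x100  # SPIs 0-255 are reserved
        # IKEv1: KEYMAT = prf(SKEYID_d, protocol | SPI | Ni_b | Nr_b), protocol 3 = ESP
        keymat = prf(p1["skeyid_d"], b"\x03" + spi.to_bytes(4, "big") + p1["ni"] + p1["nr"])
        sadb[direction] = IPsecSA(spi, keymat, lifetime_s, lifetime_kb)
    return sadb

# Step 4: data transfer.  Each protected packet bumps the sequence number,
# carries an integrity check value and counts against the volume lifetime.
def protect(sa: IPsecSA, payload: bytes) -> bytes:
    if sa.expired():
        raise RuntimeError("SA %08x expired; renegotiate Phase 2" % sa.spi)
    sa.seq += 1
    header = sa.spi.to_bytes(4, "big") + sa.seq.to_bytes(4, "big")
    icv = prf(sa.key, header + payload)[:16]
    sa.bytes += len(header) + len(payload) + len(icv)
    return header + payload + icv

def unprotect(sa: IPsecSA, packet: bytes):
    """Receiver side, using its inbound copy of the sender's SA; None means drop."""
    header, payload, icv = packet[:8], packet[8:-16], packet[-16:]
    spi, seq = int.from_bytes(header[:4], "big"), int.from_bytes(header[4:], "big")
    if spi != sa.spi or not hmac.compare_digest(icv, prf(sa.key, header + payload)[:16]):
        return None                      # unknown SA or tampered packet
    if seq <= sa.seq:
        return None                      # replay (window of one, for brevity)
    sa.seq = seq
    return payload

# Step 5: termination.  An SA goes away when it is deleted or when either
# lifetime runs out; further traffic then needs a fresh Phase 2.
def lifecycle(pkts: int, lifetime_kb: int = 4608000) -> dict:
    p1 = ike_phase1(b"constructed-psk")
    sadb = ike_phase2(p1, lifetime_kb=lifetime_kb)
    tx = sadb["outbound"]
    rx = IPsecSA(tx.spi, tx.key, tx.lifetime_s, tx.lifetime_kb)  # peer's matching inbound SA
    delivered = replays_dropped = 0
    for _ in range(pkts):
        if tx.expired():
            del sadb["outbound"]         # torn down; a new negotiation would bring a new SPI
            break
        pkt = protect(tx, b"constructed payload")
        delivered += unprotect(rx, pkt) is not None
        replays_dropped += unprotect(rx, pkt) is None   # a second copy must be rejected
    return {"delivered": delivered, "replays_dropped": replays_dropped, "active": "outbound" in sadb}
```

Calling `lifecycle(100, lifetime_kb=1)` forces the volume lifetime: with 43-byte packets the outbound SA expires after 24 of them, every replayed copy is dropped, and the SA is gone from the database when the function returns. The `age_s` counter is left for the caller to advance, so the time-based lifetime can be exercised the same way.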

© 2005 Cisco Systems,
