[ Contents] [ Prev] [ Next] [ Index] [ Report an Error]

Understanding IPsec Tunnel Negotiation

For a manual key IPsec tunnel, because all of the SA parameters have been previously defined, there is no need to negotiate which SAs to use. In essence, the tunnel has already been established. When traffic matches a policy using that manual key tunnel or when a route involves the tunnel, the Juniper Networks device simply encrypts and authenticates the data, as you determined, and forwards it to the destination gateway.

Before You Begin
For background information, read Understanding IPsec Operational Modes. Understanding IPsec Security Protocols. Understanding IPsec Security Associations (SAs). Understanding IPsec Key Management . Understanding IKE and IPsec Packets.

Before You Begin

For background information, read

Understanding IPsec Operational Modes.
Understanding IPsec Security Protocols.
Understanding IPsec Security Associations (SAs).
Understanding IPsec Key Management .
Understanding IKE and IPsec Packets.

To establish an AutoKey IKE IPsec tunnel, two phases of negotiation are required:

In Phase 1, the participants establish a secure channel in which to negotiate the IPsec SAs.
In Phase 2, the participants negotiate the IPsec SAs for encrypting and authenticating the ensuing exchanges of user data.

This topic covers:

Phase 1 of IKE Tunnel Negotiation
Phase 2 of IKE Tunnel Negotiation
Related Topics

[ Contents] [ Prev] [ Next] [ Index] [ Report an Error]