[Contents] [Prev] [Next] [Index] [Report an Error]

Configuring an IKE IPsec Tunnel—Overview

IKE IPsec tunnel negotiation occurs in two phases. In Phase 1, participants establish a secure channel in which to negotiate the IPsec security association (SA). In Phase 2, participants negotiate the IPsec SA for authenticating traffic that will flow through the tunnel.

Before You Begin
For background information, read Understanding IPsec Operational Modes. Understanding IPsec Tunnel Negotiation. Understanding IPsec Security Protocols. Understanding IPsec Security Associations (SAs). Understanding IPsec Key Management . Understanding IKE and IPsec Packets.

Before You Begin

For background information, read

Tunnel configuration can be confusing, and a good way to understand it is to keep in mind that just as there are two phases to tunnel negotiation, there are two phases to tunnel configuration. The following procedure lists the order in which you must configure an IPsec tunnel if you use either the J-Web, or the J-Web Quick Configuration. Although you need not follow this sequence when using the CLI configuration editor, we recommend that you do. If, for example, you go out of sequence and configure a Phase 1 policy before you have configured a proposal, you cannot easily reference the proposal in the policy because it will not appear in the interface.

Phase 1
1. Configure IKE Phase 1 proposals
2. Configure IKE policies (and reference the proposals)
3. Configure IKE gateway (and reference the policy)
Phase 2
1. Configure Phase 2 proposals
2. Configure policies (and reference proposals)
3. Configure IPSec Autokey IKE (and reference the policy and gateway)

Configuring an IKE IPsec Tunnel—Overview

Related Topics