Understanding IKE and IPsec Packets

An IPsec VPN tunnel consists of two major elements:

Tunnel Setup—The peers first establish security associations (SAs), which define the parameters for securing traffic between themselves. The admins at each end can define the SAs manually, or they can configure the endpoints to define SAs dynamically through IKE Phase 1 and Phase 2 negotiations. Phase 1 can occur in either Main mode or Aggressive mode. Phase 2 always occurs in Quick mode.
Applied Security—IPsec protects traffic sent between the two tunnel endpoints by using the security parameters defined in the SAs that the peers agree to during the tunnel setup. IPsec can be applied in either Transport mode or Tunnel mode. Both modes support the Encapsulating Security Payload (ESP) and Authentication Header (AH) protocols.

Before You Begin
For background information, read Understanding IPsec Operational Modes. Understanding IPsec Security Protocols. Understanding IPsec Security Associations (SAs). Understanding IPsec Key Management .

Before You Begin

For background information, read

This topic covers: