IPSec

Modes

Tunnel (used most of the time)

Transport

Phases of IPSec key exchange

IKE (Phase 1)

This is the Internet Key Exchange (IKE) phase. When endpoint Alpha decides to use a tunnel to send a packet to endpoint Beta, it looks at its own configuration and sees:

Phase 1 Configuration
  Hash Algorithm: HMAC-SHA1
  Encryption Algorithm: AES256
  Diffie-Hellman Key Exchange Group: 2
  Key life: 86400 seconds (can also be specified as a number of bytes)
  Pre-shared key: k2;2.6TbYl+{/qa
  Endpoint Alpha IP address: 172.16.0.1
  Endpoint Beta IP address: 172.31.255.1
  Mode: main

Alpha wants to bring the tunnel up, so it sends an IKE protocol packet to Beta containing the set of hashing and encryption methods it is willing to use. In this case, it offers SHA1/AES256. IKE is just a layer 7 protocol, operating over UDP port 500. Beta, if configured to use those methods, acks the proposal. Alpha then sends its nonce and Diffie-Hellman public value using group 2 (a 1024-bit modulus), and the pre-shared key secret is used to authenticate the exchange.

Phase 2

Using the authenticated and encrypted channel established in phase 1, the phase 2 parameters are confirmed between both endpoints, again using IKE.

Further information

Optimising IPSec tunnels

Last modified: 2022-09-06 15:26
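The Modes section above names tunnel and transport mode without showing how they differ on the wire. The following is an added example, not code from the wiki or from any IPSec implementation: it builds an ESP packet (RFC 4303 layout) around a constructed inner IPv4/UDP packet in both modes, using ESP-NULL (no encryption) and an HMAC-SHA1-96 integrity check so the structure stays visible. The gateway addresses are the page's sample endpoints; the inner hosts, SPI, sequence number and authentication key are made up for the demo, and the IPv4 checksum is left at zero.

```python
"""Constructed illustration of what ESP protects in transport mode versus
tunnel mode. Not the wiki's code; addresses of the inner hosts, the SPI and
the key are invented for the demo."""
import hashlib
import hmac
import ipaddress
import struct

PROTO_IPV4, PROTO_UDP, PROTO_ESP = 4, 17, 50
DEMO_AUTH_KEY = b"constructed-demo-key"   # constructed, not a real SA key


def ipv4_header(src, dst, proto, payload_len, ttl=64):
    """Minimal 20-byte IPv4 header (header checksum left at zero for the demo)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl,
                       proto, 0, ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)


def sample_inner_packet():
    """Constructed LAN packet: 10.1.0.5 -> 10.2.0.9, UDP to port 53."""
    udp_payload = b"hello from the LAN"
    udp_hdr = struct.pack("!HHHH", 40000, 53, 8 + len(udp_payload), 0)
    return ipv4_header("10.1.0.5", "10.2.0.9", PROTO_UDP,
                       len(udp_hdr) + len(udp_payload)) + udp_hdr + udp_payload


def esp_encapsulate(spi, seq, plaintext, next_header, auth_key):
    """ESP packet: SPI | seq | payload | padding | pad len | next header | ICV.
    ESP-NULL is used, so the payload is left in clear and only integrity is added."""
    pad_len = (-(len(plaintext) + 2)) % 4          # trailer must end on a 4-byte boundary
    padding = bytes(range(1, pad_len + 1))          # default RFC 4303 pad pattern
    body = (struct.pack("!II", spi, seq) + plaintext + padding
            + bytes([pad_len, next_header]))
    icv = hmac.new(auth_key, body, hashlib.sha1).digest()[:12]   # HMAC-SHA1-96
    return body + icv


def esp_verify(esp, auth_key):
    """Receiver-side integrity check: recompute the ICV over everything before it."""
    body, icv = esp[:-12], esp[-12:]
    expected = hmac.new(auth_key, body, hashlib.sha1).digest()[:12]
    return hmac.compare_digest(expected, icv)


def transport_mode(inner_pkt, spi, seq, auth_key):
    """Transport mode: original IP header stays outside, ESP wraps only the payload.
    The end hosts' addresses therefore remain visible on the wire."""
    ip_hdr, payload = inner_pkt[:20], inner_pkt[20:]
    esp = esp_encapsulate(spi, seq, payload, ip_hdr[9], auth_key)  # ip_hdr[9] = protocol
    src, dst = outer_addresses(inner_pkt)
    return ipv4_header(src, dst, PROTO_ESP, len(esp)) + esp


def tunnel_mode(inner_pkt, gw_src, gw_dst, spi, seq, auth_key):
    """Tunnel mode: the whole inner packet, header included, becomes the ESP payload
    and a new outer header carries the gateway addresses."""
    esp = esp_encapsulate(spi, seq, inner_pkt, PROTO_IPV4, auth_key)
    return ipv4_header(gw_src, gw_dst, PROTO_ESP, len(esp)) + esp


def outer_addresses(pkt):
    """Source and destination of the outermost IPv4 header as dotted strings."""
    return (str(ipaddress.IPv4Address(pkt[12:16])),
            str(ipaddress.IPv4Address(pkt[16:20])))


if __name__ == "__main__":
    inner = sample_inner_packet()
    t = tunnel_mode(inner, "172.16.0.1", "172.31.255.1", 0x1000, 1, DEMO_AUTH_KEY)
    tr = transport_mode(inner, 0x1000, 1, DEMO_AUTH_KEY)
    print("tunnel    outer:", outer_addresses(t), "len", len(t), "inner header hidden:", inner in t)
    print("transport outer:", outer_addresses(tr), "len", len(tr), "inner header hidden:", inner in tr)
```

Run it and compare the two outer headers: in tunnel mode an observer between the gateways sees only 172.16.0.1 and 172.31.255.1, while in transport mode the LAN addresses 10.1.0.5 and 10.2.0.9 are exposed, which is the practical reason the page says tunnel mode is used most of the time for site-to-site links.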
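To make the phase 1 exchange concrete, here is an added worked model of it in Python; it is not the wiki's code or any IKE daemon's code. It performs the Diffie-Hellman exchange in group 2 (the 1024-bit MODP group of RFC 2409) between Alpha and Beta and then derives the IKEv1 pre-shared-key keying material (SKEYID and SKEYID_d, RFC 2409 section 5) with HMAC-SHA1 as the PRF, i.e. the page's hash algorithm. The pre-shared key is the page's sample value; the nonces, private exponents and ISAKMP cookies are generated here, and the class and function names are this example's own.

```python
"""Model of IKEv1 phase 1 key agreement with a pre-shared key (constructed
example). Group 2 prime and the SKEYID formulas are from RFC 2409."""
import hashlib
import hmac
import secrets

# RFC 2409 "Second Oakley Group" (group 2): 1024-bit MODP prime, generator 2.
GROUP2_PRIME = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
GROUP2_GENERATOR = 2
GROUP2_BITS = GROUP2_PRIME.bit_length()      # 1024, as the page states for group 2

PRE_SHARED_KEY = b"k2;2.6TbYl+{/qa"          # the page's sample phase 1 PSK


class Endpoint:
    """One IKE peer: a nonce, a private DH exponent and the public value g^x mod p."""

    def __init__(self, name):
        self.name = name
        self.nonce = secrets.token_bytes(16)
        self._x = secrets.randbelow(GROUP2_PRIME - 2) + 1      # private, never sent
        self.public = pow(GROUP2_GENERATOR, self._x, GROUP2_PRIME)

    def shared_secret(self, peer_public):
        """g^xy mod p. Degenerate public values (0, 1, p-1) are rejected first,
        since they would force the shared secret into a tiny subgroup."""
        if not 1 < peer_public < GROUP2_PRIME - 1:
            raise ValueError("invalid peer DH public value")
        return pow(peer_public, self._x, GROUP2_PRIME)


def prf_hmac_sha1(key, data):
    """The PRF negotiated in the page's configuration: HMAC-SHA1."""
    return hmac.new(key, data, hashlib.sha1).digest()


def skeyid_psk(psk, nonce_i, nonce_r):
    """RFC 2409 5.4, pre-shared key authentication: SKEYID = prf(PSK, Ni_b | Nr_b)."""
    return prf_hmac_sha1(psk, nonce_i + nonce_r)


def skeyid_d(skeyid, gxy, cookie_i, cookie_r):
    """RFC 2409 section 5: SKEYID_d = prf(SKEYID, g^xy | CKY-I | CKY-R | 0).
    SKEYID_d is the material later used to derive phase 2 (IPsec SA) keys."""
    gxy_bytes = gxy.to_bytes(GROUP2_BITS // 8, "big")
    return prf_hmac_sha1(skeyid, gxy_bytes + cookie_i + cookie_r + b"\x00")


def run_phase1(psk_alpha, psk_beta):
    """Run the exchange with the PSK each side has configured and return the
    SKEYID_d each side computes. They agree only if the PSKs match, which is
    how a mismatched pre-shared key surfaces as a phase 1 authentication failure."""
    alpha, beta = Endpoint("Alpha"), Endpoint("Beta")
    cky_i, cky_r = secrets.token_bytes(8), secrets.token_bytes(8)   # ISAKMP cookies
    # Public values and nonces cross the wire; each side combines the peer's
    # public value with its own private exponent.
    gxy_alpha = alpha.shared_secret(beta.public)
    gxy_beta = beta.shared_secret(alpha.public)
    sk_alpha = skeyid_d(skeyid_psk(psk_alpha, alpha.nonce, beta.nonce), gxy_alpha, cky_i, cky_r)
    sk_beta = skeyid_d(skeyid_psk(psk_beta, alpha.nonce, beta.nonce), gxy_beta, cky_i, cky_r)
    return sk_alpha, sk_beta


if __name__ == "__main__":
    ok_a, ok_b = run_phase1(PRE_SHARED_KEY, PRE_SHARED_KEY)
    print("matching PSK, SKEYID_d agrees:", ok_a == ok_b)
    bad_a, bad_b = run_phase1(PRE_SHARED_KEY, b"wrong-psk")
    print("mismatched PSK, SKEYID_d agrees:", bad_a == bad_b)
```

Two practitioner notes on the page's sample parameters follow from the code: the 1024-bit modulus of group 2 is the smallest MODP group defined for IKE and current guidance (e.g. RFC 8247) treats it as too weak for new deployments, so the group number in that configuration is the first thing to raise when reviewing it; and because SKEYID is keyed directly with the PSK over public nonces, a short or guessable pre-shared key is the weakest link in this mode, which is why the example rejects nothing but degenerate DH values yet depends entirely on the PSK for peer authentication.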