1. Intro

IPSec is a way to create an encrypted VPN over another network (often the Internet). IPSec is sometimes described as easy to implement, but there are many pitfalls. Also, most explanations of what IPSec does are either high level ("it is an encrypted VPN") or recaps for people who already know how it works and that just list the terminology.

So what are the actual steps in IPSec?

  1. Recognizing traffic that needs to go through the tunnel. This type of traffic is called interesting traffic, and these packets trigger the set-up of the tunnel.
  2. IKE phase 1. Both sides use Internet Key Exchange to agree on a set of policies that will be used to create a secure channel.
  3. IKE phase 2. This step sets up an IPSec circuit over the tunnel that was established in phase 1. Both sides also establish the encryption keys that are used for encrypting the data.
  4. IPSec transmission. The actual transmission of data, using the previously constructed tunnels.
  5. Termination.

This is in short the IPSec process.

In IKE phase 1, a Security Association is created. A security association (SA) is a logical connection between the two endpoints; it is what we colloquially called the secure channel. The SA is created with the Internet Security Association and Key Management Protocol (ISAKMP), and the authenticated keying is provided by the Internet Key Exchange (IKE) protocol. In precise terminology, ISAKMP is part of IKE. However, Cisco uses only ISAKMP to implement IKE, and Cisco does not make a distinction between the two. This may be confusing when you connect to non-Cisco equipment. In phase 1, the peers exchange information, including:

  • algorithms that are used: hashing, encryption, Diffie-Hellman group
  • the actual Diffie-Hellman exchange to establish a shared secret
  • authentication, typically pre-shared keys
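The three phase 1 items above, as an added Python example that is not from the original article: a Diffie-Hellman exchange in the RFC 2409 1024-bit MODP group (group 2) between two simulated peers, followed by pre-shared-key authentication. The SKEYID construction follows RFC 2409 for PSK mode; the session-key derivation and the proof/identity binding are this example's own simplification of the IKEv1 formulas, and the peer names and PSK values are constructed.

```python
import hashlib
import hmac
import secrets

# RFC 2409 "group 2": 1024-bit MODP prime with generator 2 (transcribed here; verify against the RFC).
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
G = 2
BYTES = 128  # byte length of a group 2 value


def prf(key: bytes, data: bytes) -> bytes:
    # Keyed hash; IKE uses HMAC with the negotiated hash algorithm.
    return hmac.new(key, data, hashlib.sha256).digest()


class Peer:
    """One IKE phase 1 endpoint authenticating with a pre-shared key (simplified model)."""

    def __init__(self, identity: bytes, psk: bytes) -> None:
        self.identity, self.psk = identity, psk
        self.x = secrets.randbelow(P - 3) + 2       # private DH exponent in [2, P-2]
        self.public = pow(G, self.x, P)             # g^x, sent to the peer in the clear
        self.nonce = secrets.token_bytes(16)        # Ni (initiator) or Nr (responder)

    def derive(self, peer_public: int, ni: bytes, nr: bytes) -> None:
        # Compute the DH shared secret and SKEYID once both public values are known.
        if not 1 < peer_public < P - 1:             # reject degenerate public values
            raise ValueError("invalid DH public value")
        self.peer_public = peer_public
        gxy = pow(peer_public, self.x, P).to_bytes(BYTES, "big")
        self.skeyid = prf(self.psk, ni + nr)        # RFC 2409 SKEYID for pre-shared keys
        self.key = prf(self.skeyid, gxy)            # simplified session-key derivation

    def proof(self) -> bytes:
        # Authentication hash binding both public values and our identity to the PSK.
        data = self.public.to_bytes(BYTES, "big") + self.peer_public.to_bytes(BYTES, "big")
        return prf(self.skeyid, data + self.identity)

    def verify(self, peer_proof: bytes, peer_identity: bytes) -> bool:
        data = self.peer_public.to_bytes(BYTES, "big") + self.public.to_bytes(BYTES, "big")
        return hmac.compare_digest(peer_proof, prf(self.skeyid, data + peer_identity))


def run_phase1(initiator_psk: bytes, responder_psk: bytes) -> tuple:
    """Simulate one exchange; returns (keys_match, authenticated)."""
    i, r = Peer(b"initiator", initiator_psk), Peer(b"responder", responder_psk)
    i.derive(r.public, i.nonce, r.nonce)            # both sides see g^xi, g^xr, Ni, Nr
    r.derive(i.public, i.nonce, r.nonce)
    authenticated = r.verify(i.proof(), i.identity) and i.verify(r.proof(), r.identity)
    return i.key == r.key, authenticated
```

With matching pre-shared keys both sides derive the same key material and authenticate each other; with a mismatched key the DH secret still agrees, but SKEYID does not, so neither the keys nor the proofs match.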