IKE phase 1 and 2

gouki2005

I have some confuse here

if i understand well the IKE phase 1 is just for the keys and the peers right authetication and encryptation for the public key and who is the guy in the other side right?

and IKE phase 2 is for the data so now i have a secure path i know the other peer is safe so now i can send my data to the other side with AH or ESP

i am right or wrong?

Find more posts tagged with

SAVE $250 on Your CISCO Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View CISCO Boot Camps

Comments

instant000

Are you trying to say this?

ISAKMP Phase 1: The first phase is a “setup” stage where two devices agree on how to exchange further information securely. This negotiation between the two units creates a security association for ISAKMP itself; an ISAKMP SA. This security association is then used for securely exchanging more detailed information in Phase 2.

ISAKMP Phase 2: In this phase the ISAKMP SA established in Phase 1 is used to create SAs for other security protocols. Normally, this is where the parameters for the “real” SAs for the AH and ESP protocols would be negotiated.

Source:

http://www.tcpipguide.com/free/t_IPSecKeyExchangeIKE.htm