Exam 400-101 Question id=744 VPN Technologies

Drag and drop the IKE Phase 2 steps into the corresponding order.

IPSec SAs are negotiated
A data management tunnel is established
Peers are authenticated
An ISAKMP SA is negotiated
A key management tunnel is established
1. IPSec SAs are negotiated
2. A data management tunnel is established

Internet Key Exchange (IKE) is a protocol that is used to negotiate security parameters and manage security keys, particularly for IP Security (IPSec). There are two phases of IKE security negotiation.

In Phase 1, the IKE peers negotiate an Internet Security Association and Key Management Protocol (ISAKMP) security association (SA). An SA is a collection of security configuration parameters that each endpoint agrees to use, thus enabling the construction of a secure channel of communication. The peers then establish a key management tunnel and authenticate each other. Authentication is provided by either preshared keys or digital certificates. The key management tunnel is used to protect the SA negotiations that occur in Phase 2.

In Phase 2, IKE negotiates IPSec SAs to establish a data management tunnel. Because Phase 2 uses the key management tunnel created during Phase 1, it is not necessary for the IKE peers to be reauthenticated during Phase 2. The data management tunnel is used to protect the data that is transferred between the IPSec virtual private network (VPN) peers.