If the two VPN peer IP addresses match, then the next step is to match the pre-shared key between the two VPN devices.
With this specific static configuration, both pre-shared key and remote IP address are statically configured into the VPN device.ĭuring the Phase 1 VPN tunnel establishment using the static configuration of both pre-shared key and remote IP address, the two VPN peer IP addresses (the local and the remote) must match. A popular technique is to specifically set the remote peer IP address (for security purposes) known as static configuration. Phase 1 in IPSec VPN connection establishment is also involving the remote VPN device IP address (peer). The key is then stored (and encrypted) within each VPN device configuration. This key is basically a string (combination of alphabets, numbers, and characters) that both sites agree to use. One popular technique of this ISAKMP key matching is to use pre-shared key. Phase 1 is to establish the ISAKMP key matching with remote site.
This process is to verify that each site is authorized to establish such connection. In general, Phase 1 deals with confirmation among sites that are about to establish secure connection across unsecure network. Phase 1 is called IKE or ISAKMP SA (Security Association) establishment and Phase 2 is called IPSec SA establishment. Setting up site-to-site IPSec VPN connection in general involves two phases.
Setting Up Private Site-To-Site Connections
0 kommentar(er)
