SRX

Ike phase is a chanel not a tunnel because transmitted traffics are not encapsulated by esp or ah headers unlikr phase 2 which perform encapsulation

1- is that correct ????

2- does message 5 and 6 are sent encapsulated or not ??

Both your statements are correct.

Regards,
Anand

im still not sure ..

message 5 and 6 in main are encapsulated with ESP or not ??

ESP is only used for traffic encryption through the tunnel. Which means Phase 1 or Phase 2 don’t use ESP.

Phase 1 5th and 6th Messages are encapsulated using the encryption algorithms and other parameters exchanged on the first 4 messages.

If the peers are able to decrypt the 5th and 6th messages successfully they move to Phase 2 negotiations again encrypted with the same parameters used in 5th and 6th message.

This is to make sure the traffic encryption methods and keys used for actual traffic is encrypted.

Once Phase 2 is complete, traffic flow through VPN using ESP/AH and encryption/hash mechanisms exchanged during Phase 2.

I hope this clarifies.

i was shoked , becase all theis time i though the opposite due to JNCIP meterial it was saying that at final end of phase 1 ESP ad 2 new headers and a footer

That’s strange and document needs correction… you may check the pcap attached for a better understanding,

Packets 14 to 19 are the phase 1 negotiation - packets 18 and 19 will be encrypted

Packets 20,21 and 22 are the Phase 2 negotiations and they are also encrypted

Packets from 23 are the actual esp traffic

Please note that the negotiation on which protocol to use ESP/AH happens during the first message of Phase 2, so we cannot use this before the phase 2 negotiation is complete

Dear Suraj

thx for your assistant , i would be glad if you provide me with the pcap

For some reason its not accepting the pcap file as attachment. You may download the negotiation capture from http://packetlife.net/captures/protocol/isakmp/