During phase 2 HMAC is using as authentication method, and HMAC apend a key to the data before hashing.
How the 2 peers agree on that key ???
It comes from Diffie-Hellman exchange. DH allows two peers communicating over insecure medium to generate a secret key that only they know.
However DH is vulnerable to man-in-the middle attack that's why either pre-shared key or certificates are needed to make sure you connect to the right peer...
any updates please
That is correct. Not exactly the same key, but something that is calculated from it using some simple formula. If you take a look at RFC 2409 (IKEv1, https://tools.ietf.org/html/rfc2409) the original session key is called SKEYID and the derived keys are SKEYID_e (encryption), SKEYID_a (authentication = HMAC).
Dont know how thank you for the reat explanation, i have understood what i was looking for
the article which you provided https://tools.ietf.org/html/rfc2409) is very difficult to understand i wish if one day i would found someone like you explaning phase 1 and phase 2 in details
thx again for your help