SRX


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  IPSEC

    Posted 07-13-2017 07:05

    Why does IKE create just one bidirectional SA while IPsec creates 2 SAs? What is the idea behind that?



  • 2.  RE: IPSEC
    Best Answer

     
    Posted 07-13-2017 09:30
    Hi

    The purpose of IKE is to authenticate the peer only. If you look at the flow of messages in phase 1, you will notice that the exchange and the SA contain the parameters required to set up a secure connection with a trusted peer.

    But phase 2 is for the traffic that needs to pass through the secure tunnel. That is where you define proxy IDs, which define the IP addresses that will act as remote and local IDs. That is why you have 2 SAs, one for each direction.

    Regards,
    Anand
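
The phase 1 / phase 2 split discussed in this thread, as an added example that is not part of the original posts and is not Junos code: a small model of one IKE SA and the pair of unidirectional IPsec SAs negotiated under it, each with its own SPI, key, sequence counter and mirrored proxy IDs. All class and function names are hypothetical, the addresses are constructed documentation values, and random keys stand in for keys derived from IKE keying material.

```python
import secrets
from dataclasses import dataclass

@dataclass
class IkeSa:
    """Phase 1: one SA, identified by both peers' cookies, used both ways."""
    initiator_cookie: bytes
    responder_cookie: bytes

@dataclass
class IpsecSa:
    """Phase 2: one SA per direction, valid only for traffic towards dst."""
    spi: int          # picked by the receiving gateway
    dst: str          # gateway that receives on this SA
    local_id: str     # proxy ID as seen by the sending gateway
    remote_id: str
    key: bytes
    seq: int = 0      # per-direction sequence counter (anti-replay)

    def protect(self) -> int:
        """Account for one outbound packet; return its sequence number."""
        self.seq += 1
        return self.seq

def new_spi() -> int:
    return 256 + secrets.randbelow(2**32 - 256)  # SPI values 0-255 are reserved

def phase2(ike: IkeSa, gw_a: str, gw_b: str, net_a: str, net_b: str):
    """One phase 2 exchange under `ike` yields a pair of IPsec SAs."""
    # Simplification (assumption): random keys instead of IKE-derived keys.
    a_to_b = IpsecSa(new_spi(), gw_b, net_a, net_b, secrets.token_bytes(32))
    b_to_a = IpsecSa(new_spi(), gw_a, net_b, net_a, secrets.token_bytes(32))
    return a_to_b, b_to_a

def build_sad(*sas: IpsecSa) -> dict:
    """Index SAs the way a receiver finds them: by (SPI, destination)."""
    return {(sa.spi, sa.dst): sa for sa in sas}

def demo():
    # Constructed sample peers and subnets.
    ike = IkeSa(secrets.token_bytes(8), secrets.token_bytes(8))
    a_to_b, b_to_a = phase2(ike, "192.0.2.1", "198.51.100.1",
                            "10.1.0.0/24", "10.2.0.0/24")
    for _ in range(3):
        a_to_b.protect()            # only the A->B counter advances
    return ike, a_to_b, b_to_a, build_sad(a_to_b, b_to_a)

if __name__ == "__main__":
    _, a_to_b, b_to_a, sad = demo()
    print(a_to_b.seq, b_to_a.seq, len(sad))
```
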