SRX

Expand all | Collapse all

IPSEC

Jump to Best Answer
  • 1.  IPSEC

    Posted 07-13-2017 07:05

    Why IKE creates just one bidrictional SA & IPSEC create 2 SAs??? what is the idea behind that



  • 2.  RE: IPSEC
    Best Answer

     
    Posted 07-13-2017 09:30
    Hi

    The purpose of Ike is to authenticate the peer only. If you look at the flow of messages in phase 1 you will notice that the exchange and the SA contains the parameters required to setup a secure connection with a trusted peer.

    But phase 2 is for the traffic that needs to pass through the secure tunnel. That is where you define proxy IDs which define the IP addresses which will act as remote and local IDs. That is why you have 2 SAs.. one for each direction.

    Regards,
    Anand