SRX Services Gateway
Accepted Solution

IPSEC

Why does IKE create just one bidirectional SA while IPSEC creates 2 SAs? What is the idea behind that?


Re: IPSEC

Hi

The purpose of IKE is to authenticate the peer only. If you look at the flow of messages in phase 1, you will notice that the exchange and the SA contain the parameters required to set up a secure connection with a trusted peer.

But phase 2 is for the traffic that needs to pass through the secure tunnel. That is where you define proxy IDs, which define the IP addresses that will act as remote and local IDs. That is why you have 2 SAs, one for each direction.

Regards,
Anand
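
An added illustration (not part of the posts above) of what "one SA for each direction" means on the data path: each IPsec SA is simplex, with an SPI chosen by its receiver and its own sequence counter and replay state. The addresses and SPI values are constructed, and the model leaves out keys and encryption.

```python
class Peer:
    """Toy IPsec endpoint: simplex SAs only, no encryption or keys modelled."""
    def __init__(self, addr):
        self.addr = addr
        self.out_sa = {}  # dst address -> {"spi", "next_seq"}  (outbound SA)
        self.in_sa = {}   # SPI -> {"src", "seen"}              (inbound SA)

    def send(self, dst, data):
        sa = self.out_sa[dst]
        pkt = {"src": self.addr, "dst": dst, "spi": sa["spi"],
               "seq": sa["next_seq"], "data": data}
        sa["next_seq"] += 1          # counter belongs to this direction only
        return pkt

    def receive(self, pkt):
        sa = self.in_sa.get(pkt["spi"])
        if sa is None or sa["src"] != pkt["src"] or pkt["seq"] in sa["seen"]:
            return None              # unknown SPI, wrong peer, or replay: drop
        sa["seen"].add(pkt["seq"])
        return pkt["data"]

def establish(a, b, spi_a_in, spi_b_in):
    """Install the SA pair from one phase 2 negotiation; each receiver picks its inbound SPI."""
    a.in_sa[spi_a_in] = {"src": b.addr, "seen": set()}
    b.in_sa[spi_b_in] = {"src": a.addr, "seen": set()}
    a.out_sa[b.addr] = {"spi": spi_b_in, "next_seq": 1}
    b.out_sa[a.addr] = {"spi": spi_a_in, "next_seq": 1}

def demo():
    a, b = Peer("192.0.2.1"), Peer("198.51.100.1")   # constructed addresses
    establish(a, b, 0xA1A1A1A1, 0xB2B2B2B2)          # constructed SPIs
    p1 = a.send(b.addr, "a->b 1")
    p2 = a.send(b.addr, "a->b 2")
    r1 = b.send(a.addr, "b->a 1")
    return {
        "spis_differ": p1["spi"] != r1["spi"],
        "seqs": (p2["seq"], r1["seq"]),   # each direction counts on its own
        "delivered": b.receive(p1),
        "replayed": b.receive(p1),        # same packet presented again
        "reverse": a.receive(r1),
        "reflected": a.receive(p2),       # a's own outbound packet sent back at it
    }

if __name__ == "__main__":
    print(demo())
```
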