SRX Services Gateway

IPSEC

‎07-13-2017 07:04 AM

Why does IKE create just one bidirectional SA and IPSEC create 2 SAs? What is the idea behind that?

1 REPLY
Solution
Accepted by topic author AhmedMohamed
‎07-14-2017 08:36 AM

Re: IPSEC

‎07-13-2017 09:29 AM
Hi

The purpose of IKE is to authenticate the peer only. If you look at the flow of messages in phase 1, you will notice that the exchange and the SA contain the parameters required to set up a secure connection with a trusted peer.

But phase 2 is for the traffic that needs to pass through the secure tunnel. That is where you define proxy IDs, which define the IP addresses that will act as remote and local IDs. That is why you have 2 SAs, one for each direction.

Regards,
Anand
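
A toy model of the one-SA-per-direction behaviour described in the accepted answer, added here as an illustration and not part of the original thread or of Junos itself. The class and field names, the subnets and the SPI values are constructed, and the replay check is a simplified stand-in for a real anti-replay window.

```python
"""Toy model (assumed names, not Junos code): one phase 2 negotiation of a
proxy-ID pair yields two one-way IPsec SAs, each with its own SPI and counter."""
import ipaddress
from dataclasses import dataclass, field
from itertools import count

@dataclass
class IPsecSA:
    spi: int                                  # chosen by the receiver of this direction
    src_net: ipaddress.IPv4Network            # proxy ID of the sending side
    dst_net: ipaddress.IPv4Network            # proxy ID of the receiving side
    seq: int = 0                              # outbound use: last sequence number sent
    seen: set = field(default_factory=set)    # inbound use: simplified replay record

class Peer:
    _spis = count(0x1000)                     # constructed SPI values

    def __init__(self, name, local_net):
        self.name, self.local_net = name, ipaddress.ip_network(local_net)
        self.outbound = []                    # searched by traffic selector (proxy IDs)
        self.inbound = {}                     # searched by the SPI carried in the packet

    def negotiate(self, other):
        """One phase 2 exchange: each side picks the SPI it will receive on."""
        for rx, tx in ((self, other), (other, self)):
            spi = next(Peer._spis)
            rx.inbound[spi] = IPsecSA(spi, tx.local_net, rx.local_net)
            tx.outbound.append(IPsecSA(spi, tx.local_net, rx.local_net))

    def send(self, src, dst):
        src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        for sa in self.outbound:
            if src in sa.src_net and dst in sa.dst_net:
                sa.seq += 1                   # counter belongs to this direction only
                return {"spi": sa.spi, "seq": sa.seq, "src": src, "dst": dst}
        raise LookupError("no outbound SA matches the proxy IDs")

    def receive(self, pkt):
        sa = self.inbound.get(pkt["spi"])
        if sa is None:
            return "drop: unknown SPI"
        if pkt["src"] not in sa.src_net or pkt["dst"] not in sa.dst_net:
            return "drop: selector mismatch"
        if pkt["seq"] in sa.seen:
            return "drop: replay"
        sa.seen.add(pkt["seq"])
        return "accept"
```

Each peer ends up with one outbound and one inbound SA for the same proxy-ID pair, and a packet built for one direction is rejected if it is presented on the other.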