CISCO IPSEC VPN CLIENT AGGRESSIVE MODE CONFIGURATION WINDOWS
IPSec involves many component technologies and encryption methods. Yet IPSec's operation can be broken down into five main steps. The five steps are summarized as follows:

1. Interesting traffic initiates the IPSec process. Traffic is deemed interesting when the IPSec security policy configured in the IPSec peers starts the IKE process.
2. IKE phase one. IKE authenticates IPSec peers and negotiates IKE SAs during this phase, setting up a secure channel for negotiating IPSec SAs in phase two.
3. IKE phase two. IKE negotiates IPSec SA parameters and sets up matching IPSec SAs in the peers.
4. Data transfer. Data is transferred between IPSec peers based on the IPSec parameters and keys stored in the SA database.
5. IPSec tunnel termination. IPSec SAs terminate through deletion or by timing out.

This five-step process is shown in Figure 1-15.

Figure 1-15 The Five Steps of IPSec

Step 1: Defining Interesting Traffic

Determining what type of traffic is deemed interesting is part of formulating a security policy for use of a VPN. The policy is then implemented in the configuration interface for each particular IPSec peer. For example, in Cisco routers and PIX Firewalls, access lists are used to determine the traffic to encrypt. The access lists are assigned to a crypto policy such that permit statements indicate that the selected traffic must be encrypted, and deny statements can be used to indicate that the selected traffic must be sent unencrypted. With the Cisco Secure VPN Client, you use menu windows to select connections to be secured by IPSec.
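The permit/deny selection of interesting traffic described above can be modelled to check which flows a crypto access list would leave unencrypted. This is an added example, not code from the original page or from Cisco; the addresses, the `Entry` type and the function names are constructed for illustration, and it assumes first-match evaluation with the implicit deny that ends every Cisco access list.

```python
import ipaddress
from typing import NamedTuple

class Entry(NamedTuple):
    action: str        # "permit" = must be encrypted, "deny" = sent unencrypted
    src: str
    src_wildcard: str  # Cisco wildcard mask: set bits are ignored
    dst: str
    dst_wildcard: str

def _matches(addr: str, base: str, wildcard: str) -> bool:
    """Compare addr to base on the bits the wildcard mask does not ignore."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (
        int(ipaddress.IPv4Address(base)) & care)

def classify(acl, src: str, dst: str) -> str:
    """Return 'encrypt' or 'clear' for one flow; the first matching entry wins."""
    for e in acl:
        if _matches(src, e.src, e.src_wildcard) and _matches(dst, e.dst, e.dst_wildcard):
            return "encrypt" if e.action == "permit" else "clear"
    return "clear"  # implicit deny: unmatched traffic is not protected

def cleartext_flows(acl, flows):
    """List the flows that would leave the peer unencrypted."""
    return [f for f in flows if classify(acl, *f) == "clear"]

# Constructed policy: protect site A (10.1.1.0/24) to site B (10.2.2.0/24),
# except one host at site B that is deliberately exempted.
CRYPTO_ACL = [
    Entry("deny",   "10.1.1.0", "0.0.0.255", "10.2.2.50", "0.0.0.0"),
    Entry("permit", "10.1.1.0", "0.0.0.255", "10.2.2.0",  "0.0.0.255"),
]

# Constructed sample flows as (source, destination) pairs.
FLOWS = [
    ("10.1.1.7", "10.2.2.9"),       # site to site: encrypted
    ("10.1.1.7", "10.2.2.50"),      # exempted host: sent in the clear
    ("10.1.1.7", "198.51.100.10"),  # matches nothing: implicit deny, clear
    ("10.1.9.7", "10.2.2.9"),       # source outside 10.1.1.0/24: clear
]

if __name__ == "__main__":
    for src, dst in FLOWS:
        print(f"{src} -> {dst}: {classify(CRYPTO_ACL, src, dst)}")
    print("unencrypted:", cleartext_flows(CRYPTO_ACL, FLOWS))
```

Entry order matters: if the permit line is placed first, the deny line is never reached and the exempted host's traffic is encrypted as well.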