IKEv2 is configured in the VPN Community Properties window > Encryption. IKEv2 is supported inside VPN communities working in Simplified mode in versions R71 and higher.
The IPsec SA is an agreement on keys and methods for IPsec, thus IPsec takes place according to the keys and methods agreed upon in IKE phase II.
After the IPsec keys are created, bulk data transfer takes place.
The outcome of phase II is the IPsec Security Association. The key material exchanged during IKE phase II is used for building the IPsec keys. IKE phase II is encrypted according to the keys and methods agreed upon in IKE phase I.
Note - The exact negotiation stages differ between IKEv1 and IKEv2.
The figure below illustrates the process that takes place during IKE phase I. The outcome of this phase is the IKE SA, an agreement on keys and methods for IKE phase II. In terms of performance, the generation of the Diffie-Hellman Key is slow and heavy.
The goal of the Internet Key Exchange (IKE) is for both sides to independently produce the same symmetrical key. Information can be securely exchanged only if the key belongs exclusively to the communicating parties.
The material used to build these keys must be exchanged in a secure fashion. In symmetric cryptographic systems, both communicating parties use the same key for encryption and decryption.
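The goal stated above, both sides independently producing the same symmetric key, sketched as an added example (not Check Point code): two peers run a Diffie-Hellman exchange and expand the shared secret with the IKEv2 key derivation from RFC 7296. The toy group, the 32-byte key length and the `Peer`/`negotiate` names are assumptions made for illustration.

```python
import hashlib, hmac, secrets

# Toy group for illustration only (assumption): Mersenne prime 2**127 - 1, g = 3.
# Real IKE peers negotiate a standardized Diffie-Hellman group instead.
P, G = 2**127 - 1, 3
NAMES = ("SK_d", "SK_ai", "SK_ar", "SK_ei", "SK_er", "SK_pi", "SK_pr")
KEY_LEN = 32  # assumed length for every key; really set by the negotiated algorithms

def prf(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def prf_plus(key, seed, length):
    """RFC 7296 prf+: T1 = prf(K, S | 0x01), Tn = prf(K, Tn-1 | S | n)."""
    out, block, n = b"", b"", 1
    while len(out) < length:
        block = prf(key, block + seed + bytes([n]))
        out, n = out + block, n + 1
    return out[:length]

class Peer:
    def __init__(self):
        self.spi = secrets.token_bytes(8)
        self.nonce = secrets.token_bytes(32)
        self._x = secrets.randbelow(P - 3) + 2   # private exponent, never sent
        self.public = pow(G, self._x, P)         # sent to the other side

    def derive(self, peer_public, ni, nr, spi_i, spi_r):
        if not 1 < peer_public < P - 1:          # reject degenerate public values
            raise ValueError("invalid Diffie-Hellman public value")
        size = (P.bit_length() + 7) // 8         # g^ir is padded to the modulus length
        g_ir = pow(peer_public, self._x, P).to_bytes(size, "big")
        skeyseed = prf(ni + nr, g_ir)            # SKEYSEED = prf(Ni | Nr, g^ir)
        keymat = prf_plus(skeyseed, ni + nr + spi_i + spi_r, KEY_LEN * len(NAMES))
        return {name: keymat[i * KEY_LEN:(i + 1) * KEY_LEN]
                for i, name in enumerate(NAMES)}

def negotiate():
    """Run both sides; only public values, nonces and SPIs cross the wire."""
    init, resp = Peer(), Peer()
    args = (init.nonce, resp.nonce, init.spi, resp.spi)
    return init.derive(resp.public, *args), resp.derive(init.public, *args)

if __name__ == "__main__":
    keys_i, keys_r = negotiate()
    print("both sides derived identical keys:", keys_i == keys_r)
```

The two modular exponentiations per peer are the slow step the text refers to; the HMAC-based expansion that follows is cheap by comparison.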