About IPSec VPN Negotiations
IPSec peers are the devices at each end of an IPSec VPN tunnel. To build the VPN tunnel, the peers exchange a sequence of messages about encryption and authentication and try to agree on a variety of parameters. This process is known as VPN negotiation. One device in the negotiation sequence is the initiator, and the other is the responder.
VPN negotiations take place in two phases: Phase 1 and Phase 2.
Phase 1
The primary goal of Phase 1 is to establish a secure, encrypted channel over which the two peers can negotiate Phase 2. When Phase 1 completes successfully, the peers move on immediately to Phase 2 negotiations. If Phase 1 fails, the devices cannot begin Phase 2.
Phase 2
The goal of Phase 2 negotiations is for the two peers to agree on a set of parameters that specify what traffic can and cannot pass through the VPN, and how to encrypt and authenticate that traffic. This agreement is known as a Security Association.
The Phase 1 and Phase 2 configurations for the devices on either end of the tunnel must match.
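The matching requirement and the Phase 1 before Phase 2 ordering can be checked with a small model. This is an added example, not code from any VPN product. It generalizes "must match" to preference-ordered proposal lists, and every field name, algorithm value and subnet in it is a constructed assumption.

```python
# Added example: simplified model of the two-phase negotiation described above.
# Field names and sample values are constructed for illustration only.
from dataclasses import dataclass

@dataclass(frozen=True)
class Proposal:
    encryption: str
    authentication: str
    dh_group: int

@dataclass
class PeerConfig:
    name: str
    phase1: list      # Phase 1 proposals, in preference order
    phase2: list      # Phase 2 proposals, in preference order
    local_net: str    # traffic this peer sends into the tunnel
    remote_net: str   # traffic this peer expects from the other side

def pick(initiator_props, responder_props):
    """Return the first initiator proposal the responder also accepts, or None."""
    for p in initiator_props:
        if p in responder_props:
            return p
    return None

def negotiate(initiator, responder):
    """Return (result, detail). Phase 2 is attempted only if Phase 1 succeeds."""
    p1 = pick(initiator.phase1, responder.phase1)
    if p1 is None:
        return "phase1_failed", "no common Phase 1 proposal"
    p2 = pick(initiator.phase2, responder.phase2)
    if p2 is None:
        return "phase2_failed", "no common Phase 2 proposal"
    # Each side's local network must be the other side's remote network.
    mirrored = (responder.remote_net, responder.local_net)
    if (initiator.local_net, initiator.remote_net) != mirrored:
        return "phase2_failed", "traffic definitions do not mirror each other"
    return "tunnel_up", (p1, p2)

# Constructed sample configurations
AES = Proposal("aes256", "sha256", 14)
LEGACY = Proposal("3des", "sha1", 2)
site_a = PeerConfig("site-a", [AES], [AES], "10.0.1.0/24", "10.0.2.0/24")
site_b = PeerConfig("site-b", [AES], [AES], "10.0.2.0/24", "10.0.1.0/24")
site_c = PeerConfig("site-c", [LEGACY], [AES], "10.0.2.0/24", "10.0.1.0/24")
site_d = PeerConfig("site-d", [AES], [AES], "10.0.2.0/24", "10.0.9.0/24")

if __name__ == "__main__":
    for peer in (site_b, site_c, site_d):
        print(peer.name, negotiate(site_a, peer))
```

Note that site-c fails at Phase 1 even though its Phase 2 settings match, which is why a mismatch report should be read phase by phase.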