MicroNugget: How to Negotiate in IKE Phase 1 (IPsec)

Показать описание

In this video, Keith Barker covers the five essential items for negotiating IPsec's IKE Phase 1. The best way to make sure your site-to-site tunnels get built is to remember to HAGLE: make sure your HASH, Authentication, Group, Lifetime and Encryption are negotiated and agreed on.

If you have two internal networks that you need to talk to one another securely across the Internet via two ASAs, IPsec is a great way to implement your site-to-site tunnel.

Before the devices will establish the tunnel, you need to negotiate IPsec's IKE Phase 1. There are 5 items. To remember each step, Keith's recommended method is "HAGLE".

• H: Hashing algorithms to verify data integrity
• A: Authentication to verify one another
• G: Groups to generate secret keys
• L: Lifetime to determine how long the tunnel stands up
• E: Encryption to agree which algorithm to use

With these five items negotiated, your ASAs can stand up an IKE Phase 1 tunnel and connect your sites securely across the Internet.

Start learning with CBT Nuggets:

Рекомендации по теме

Комментарии

Couldn't find IKE Phase 2 video :(

efraimg

I love the Ipsec configs I have done. I have all sorts of networks in Packet Tracer with it working across certain segments. Cool stuff.

Russdog

Simple, useful, effective. Thanks for this!

yamabushi

Great simple way to remember it. wish you had SA in there somewhere.

robbiemcguinness

Nice one Keith. Still relevant after all this time. Do you know of any changes or updates to IPsec since the video was made? Cheers.

rockinron

Thanks for this great video to understand IPsec

smfarhan

Awesome as usual Keith. You helped me in studying for my CCIE in R&S. Mike K number 34420.

mjk

Hi nice video, wher I can get the link IKE phase 2 and about Ipsec videos?

sureshdharavath

Thanks
What about RSA as Authentication?

efraimg

Hi @Keith Barker, Could you tell me one thing.
Once tunnel is established(phase 1 and phase 2 both completed) and one peer(sender) gets some data(plain text) to send to other peer (receiver), what would be sequence data would follow at sender's end and receiver's end.

RohitVats-qnff

didn't help. but nice video either way

reinobrowne

MicroNugget: How to Negotiate in IKE Phase 1 (IPsec)

MicroNugget: How to Negotiate in IKE Phase 1 (IPsec)

MicroNugget: How to Use Call Admission Control (CaC) for IKE

MicroNugget: How to Optimize AWS Costs

MicroNugget: What are Switchport Mode Best Practices?

MicroNuggets: Target Value Ratings in Intrusion Prevention Systems Explained

MicroNugget: Call Coverage Explained

MicroNugget: What are SSL Session Keys?

MicroNugget: How to Verify DMVPNs

MicroNugget: IPsec Site to Site VPN Tunnels Explained | CBT Nuggets

MicroNugget: How to Configure Fast Ethernet for OSPF

MicroNugget: How to Increase Throughput with EtherChannel

CBT Nuggets Gets April Fooled

IPsec - IKE Phase 1 | IKE Phase 2

MicroNugget: How to Use Dynamic IPs Using FlexVPN and IKEv2

MicroNugget: What is a Broadcast?

MicroNugget: How to Use VPN Authentication Using RADIUS

MicroNugget: How to Map a Connection Profile on the ASA from a Certificate

MicroNugget: What is Wireless Sniffing?

MicroNugget: Site to Site IPsec VPNs using Virtual Tunnel Interfaces (VTIs)

MicroNugget: How to Use ASA VPN Connection Profiles

MicroNugget: What is DHCP Starvation Attack?

MicroNugget: What are the Different Types & Functions of Security Controls?

MicroNugget: How to Make a VPN Connection Using SSTP

MicroNugget: What is ASA Active/Standby Failover?