Five Steps in Setting Up and Tearing Down an IPsec Site-to-Site VPN Using IKEv1 by Anthony Sequeira

The process of establishing, maintaining, and tearing down an IPsec site-to-site VPN consists of five primary steps, which are illustrated in figure 19.4 and described in detail in the list that follows.

Step 1. PC1 sends traffic destined for PC2. Router1 classifies the traffic as "interesting" traffic, and this classification initiates the creation of an IPsec tunnel.

Step 2. Router1 and Router2 negotiate an SA (security association) used to form an IKE (Internet Key Exchange) Phase 1 tunnel, which is also known as an ISAKMP (Internet Security Association and Key Management Protocol) tunnel.

Step 3. Within the protection of the IKE Phase 1 tunnel, an IKE Phase 2 tunnel is negotiated and set up. An IKE Phase 2 tunnel is also known as an IPsec tunnel.

Step 4. After the IPsec tunnel is established, interesting traffic (for example, traffic classified by an ACL) flows through the protected IPsec tunnel. Note that traffic not deemed interesting can still be sent between PC1 and PC2. However, the noninteresting traffic travels outside the protection of the IPsec tunnel.

Step 5. After no interesting traffic is seen for a specified amount of time, the IPsec tunnel is torn down and the IPsec SA is deleted.

This example describes an IPsec site-to-site VPN, but the procedure is similar for a client-to-site VPN. IPsec is typically deployed using IKEv1, with its two phases (Phase 1 and Phase 2).
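The following Cisco IOS configuration for Router1 is an added example, not taken from the book or the article, showing how each of the five steps maps to a configuration element: the ACL defines the "interesting" traffic (Step 1), the ISAKMP policy and pre-shared key govern the Phase 1 SA (Step 2), the transform set governs the Phase 2 IPsec SA (Step 3), the crypto map ties them together on the outside interface (Step 4), and the idle timer tears the SA down when no interesting traffic is seen (Step 5). The addresses (192.168.1.0/24 behind Router1, 192.168.2.0/24 behind Router2, 203.0.113.0/30 between them) and the key placeholder are assumptions chosen for illustration.

```cisco
! --- Step 1: define "interesting" traffic with an extended ACL ---
! Only PC1's LAN to PC2's LAN triggers tunnel setup; anything else
! routes normally and is NOT protected by IPsec.
ip access-list extended VPN-INTERESTING
 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255

! --- Step 2: IKE Phase 1 (ISAKMP) policy and peer authentication ---
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
 lifetime 86400
! Pre-shared key for peer Router2 (REPLACE-WITH-STRONG-PSK is a placeholder)
crypto isakmp key REPLACE-WITH-STRONG-PSK address 203.0.113.2

! --- Step 3: IKE Phase 2 (IPsec) protection parameters ---
crypto ipsec transform-set VPN-TS esp-aes 256 esp-sha256-hmac
 mode tunnel

! --- Step 5: tear down the IPsec SA after 10 minutes with no matching traffic ---
crypto ipsec security-association idle-time 600

! --- Step 4: crypto map binds peer, transform set and ACL, then is applied
!     to the WAN interface so matching traffic flows through the tunnel ---
crypto map VPN-MAP 10 ipsec-isakmp
 set peer 203.0.113.2
 set transform-set VPN-TS
 match address VPN-INTERESTING

interface GigabitEthernet0/0
 ip address 203.0.113.1 255.255.255.252
 crypto map VPN-MAP
```

Router2 mirrors this with the source and destination networks and peer address swapped; `show crypto isakmp sa` and `show crypto ipsec sa` then show the Phase 1 and Phase 2 SAs appearing after interesting traffic is sent and disappearing once the idle timer expires.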

About The Author

Anthony Sequeira, CCIE No. 15626, is a Cisco Certified Systems Instructor (CCSI) and author regarding all levels and tracks of Cisco Certification. Anthony formally began his career in the information technology industry in 1994 with IBM in Tampa, Florida. He quickly formed his own computer consultancy, Computer Solutions, and then discovered his true passion: teaching and writing about Microsoft and Cisco technologies. Anthony joined Mastering Computers in 1996 and lectured to massive audiences around the world about the latest in computer technologies. Mastering Computers became the revolutionary online training company, KnowledgeNet, and Anthony trained there for many years. Anthony is currently pursuing his second CCIE in the area of Security and is a full-time instructor for the next generation of KnowledgeNet. Anthony is also a VMware Certified Professional.

CompTIA Network+ N10-008 Cert Guide contains proven study features that allow you to succeed on the exam the first time. Expert instructor Anthony Sequeira shares preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills, essential for successful completion of the performance-based testing items on the exam. This complete, CompTIA-approved study package includes the following:

A test-preparation routine proven to help you pass the exams
Clearly defined chapter learning objectives covering all N10-008 exam topics
Chapter-ending review questions and exam preparation exercises, which help you drill on key concepts you must know thoroughly
The powerful Pearson Test Prep practice test software, complete with hundreds of well-reviewed, exam-realistic questions, customization options, and detailed performance reports
40 performance-based exercises to help you prepare for the hands-on exam questions
A free copy of the CompTIA Network+ N10-008 Simulator Lite software, complete with meaningful lab exercises that enhance your hands-on skills
More than 60 minutes of video mentoring
A final preparation chapter that guides you through tools and resources to help you craft your review and test taking strategies
An Exam Essentials appendix that quickly recaps all major chapter topics for easy reference, both in print and interactive digital format
A key terms Glossary in both print and on the companion website, which acts as an interactive flash-card application
Study plan suggestions and templates to help you organize and optimize your study time
A 10% exam discount voucher (a $33+ value!)

Well regarded for its level of detail, study plans, assessment features, challenging review questions and exercises, video instruction, and hands-on labs, this approved study guide helps you master the concepts and techniques that ensure your exam success.

Master the topics on the CompTIA Network+ N10-008 exam, including:

Network topologies and media types
IP addressing
Network services
Data center architectures and cloud concepts
Routing, Ethernet switching, and wireless networking
Network availability and disaster recovery
Network security
Remote access
Network troubleshooting

Reader Paulo Cardoso says, "This is a great book. In addition, it comes with great additional resources."
