Mechanism of IPSec phase 2 on the USG2160

IKEv1 phase 2 negotiation aims to set up the IPSec SAs that are used for data transmission.
IKEv1 phase-2 negotiation is completed through fast switch. In fast switch, SKEYID_a generated in IKEv1 phase-1 negotiation is used to implement integrity check and identity authentication on ISAKMP messages, and SKEYID_e is used to encrypt ISAKMP messages, ensuring the security of the switch.
In fast switch mode, IPSec SA parameters are negotiated between the two ends of the peer, and the key is generated for data transmission.

Scroll to top