Internet Key Exchange (IKE) for VPN
Focus
Focus
Network Security

Internet Key Exchange (IKE) for VPN

Table of Contents

Internet Key Exchange (IKE) for VPN

Where Can I Use This?
What Do I Need?
  • PAN-OS
No license required
The IKE process allows the VPN peers at both ends of the tunnel to encrypt and decrypt packets using mutually agreed-upon keys or certificate and method of encryption. The IKE process occurs in two phases: IKE Phase 1 and IKE Phase 2. Each of these phases uses keys and encryption algorithms that are defined using cryptographic profiles— IKE Crypto profile and IPSec Crypto profile—and the result of the IKE negotiation is a security association (SA). An SA is a set of mutually agreed-upon keys and algorithms that are used by both VPN peers to allow the flow of data across the VPN tunnel. The following illustration depicts the key exchange process for setting up the VPN tunnel:

Recommended For You