The IKE process allows the VPN peers at both ends of the tunnel to encrypt and decrypt packets
using mutually agreed-upon keys or certificates and a mutually agreed-upon method of encryption.
The IKE process occurs in two phases: IKE Phase 1 and IKE Phase 2.
Each of these phases uses keys and encryption algorithms that are defined using
cryptographic profiles (the IKE Crypto profile and the IPSec Crypto profile), and the result of
the IKE negotiation is a security association (SA). An SA is a set of mutually
agreed-upon keys and algorithms that are used by both VPN peers to allow the flow of
data across the VPN tunnel. The following illustration depicts the key exchange process
for setting up the VPN tunnel:
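As an added example (not part of the original documentation and not vendor code), the Python model below shows how the crypto profiles on two peers decide whether each phase produces an SA, including the case where Phase 1 succeeds but Phase 2 fails on a profile mismatch. It models algorithm agreement only, not key derivation; the peer names, profile contents, and the rule that the initiator's preference order wins are assumptions.

```python
# Added example: simplified model of crypto-profile matching between two peers.
# Peer names and profile contents are constructed sample values.
ATTRS = ("encryption", "authentication", "dh_group")

def negotiate(initiator_profile, responder_profile):
    """Pick one algorithm per attribute that both profiles allow.

    Assumption: the initiator's preference order wins. Returns the agreed
    algorithms (the algorithm part of an SA), or None when any attribute
    has no value in common.
    """
    agreed = {}
    for attr in ATTRS:
        allowed = set(responder_profile[attr])
        match = next((a for a in initiator_profile[attr] if a in allowed), None)
        if match is None:
            return None
        agreed[attr] = match
    return agreed

def establish_tunnel(initiator, responder):
    """Phase 1 yields the IKE SA; Phase 2 runs only once an IKE SA exists."""
    ike_sa = negotiate(initiator["ike_crypto"], responder["ike_crypto"])
    if ike_sa is None:
        return {"status": "phase 1 failed", "ike_sa": None, "ipsec_sa": None}
    ipsec_sa = negotiate(initiator["ipsec_crypto"], responder["ipsec_crypto"])
    if ipsec_sa is None:
        return {"status": "phase 2 failed", "ike_sa": ike_sa, "ipsec_sa": None}
    return {"status": "tunnel up", "ike_sa": ike_sa, "ipsec_sa": ipsec_sa}

def profile(encryption, authentication, dh_group):
    return {"encryption": encryption, "authentication": authentication,
            "dh_group": dh_group}

SITE_A = {"ike_crypto": profile(["aes-256-cbc", "aes-128-cbc"], ["sha256"],
                                ["group19", "group14"]),
          "ipsec_crypto": profile(["aes-256-cbc"], ["sha256"], ["group14"])}
SITE_B = {"ike_crypto": profile(["aes-128-cbc"], ["sha256", "sha1"], ["group14"]),
          "ipsec_crypto": profile(["aes-256-cbc", "aes-128-cbc"], ["sha256"],
                                  ["group14"])}
# SITE_C matches SITE_A in Phase 1 but shares no IPSec Crypto settings with it.
SITE_C = {"ike_crypto": SITE_B["ike_crypto"],
          "ipsec_crypto": profile(["aes-128-cbc"], ["sha1"], ["group2"])}

if __name__ == "__main__":
    for name, peer in (("SITE_B", SITE_B), ("SITE_C", SITE_C)):
        print("SITE_A ->", name, establish_tunnel(SITE_A, peer))
```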