IKE IPSec based VPN flow

IKE performs mutual authentication between two parties and establishes an IKE security association (SA) that includes shared secret information that can be used to efficiently establish SAs for Encapsulating Security Payload (ESP) or Authentication Header (AH) and a set of cryptographic algorithms to be used by the SAs to protect the traffic that they carry. An example of IKEv2 handshake and an IPSec tunnel transport is illustrated with the following sequence diagram. You can click on IKE messages in the sequence diagram to see field level details.

The following sequence of Virtual Private Network (VPN) setup are covered:

  1. A ping triggers establishment of the IKEv2 security association.
  2. An IPSec tunnel is setup with a Child Security Association setup handshake.
  3. The ping data gets transported over the IPSec tunnel.

IKE IPSec based VPN sequence diagram

The IKE IPSec VPN flow covers IKEv2 security association and IPSec tunnel setup with a Child Security Association setup handshake.

IKE IPSec VPN session overview

An overview of the high level interactions in the IKE IPSec VPN establishment. The diagram focuses just on the message interactions.

VPN context diagram

A high level view that just shows the different types of messages that are exchanged between VPN connected nodes