IKEv2-based VPN establishment

EventHelix
Published in TCP/IP Networking
Jun 1, 2017

Learn how IKEv2 signaling is used to establish an IPSec VPN tunnel.

IKE performs mutual authentication between two parties and establishes an IKE security association (SA). The IKE SA includes shared secret information that can be used to efficiently establish SAs for Encapsulating Security Payload (ESP) or Authentication Header (AH), and a set of cryptographic algorithms that those SAs use to protect the traffic they carry.

An example IKEv2 handshake, followed by transport over the IPSec tunnel, is illustrated in the sequence diagram. You can click on IKE messages in the sequence diagram to see field-level details.

The following steps of Virtual Private Network (VPN) setup are covered:

  1. A ping triggers the establishment of the IKEv2 security association.
  2. An IPSec tunnel is set up with a Child Security Association setup handshake.
  3. The ping data gets transported over the IPSec tunnel.

Figure: IKE connection setup
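
A field-level view of the IKE messages in this handshake, as an added example that is not part of the original article: a Python parser for the 28-byte IKEv2 header defined in RFC 7296, with the sanity checks a capture or monitoring tool would apply. The messages are constructed samples; the SPI values, body sizes and the `sample` helper are assumptions made for illustration.

```python
import struct

# IKEv2 fixed header, RFC 7296 section 3.1: 28 bytes, network byte order.
IKE_HDR = struct.Struct("!8s8sBBBBII")
EXCHANGES = {34: "IKE_SA_INIT", 35: "IKE_AUTH",
             36: "CREATE_CHILD_SA", 37: "INFORMATIONAL"}
FLAG_INITIATOR, FLAG_RESPONSE = 0x08, 0x20


def parse_ike_header(datagram: bytes) -> dict:
    """Decode and sanity-check the IKE header of one UDP port 500 payload."""
    if len(datagram) < IKE_HDR.size:
        raise ValueError("shorter than the 28-byte IKE header")
    spi_i, spi_r, next_payload, version, exch, flags, msg_id, length = \
        IKE_HDR.unpack_from(datagram)
    if version >> 4 != 2:
        raise ValueError(f"major version {version >> 4} is not IKEv2")
    if length != len(datagram):
        raise ValueError(f"length field {length}, datagram is {len(datagram)}")
    if exch not in EXCHANGES:
        raise ValueError(f"unknown exchange type {exch}")
    response = bool(flags & FLAG_RESPONSE)
    # An IKE_SA_INIT request is sent before the responder has chosen its SPI.
    if exch == 34 and not response and spi_r != bytes(8):
        raise ValueError("IKE_SA_INIT request with non-zero responder SPI")
    return {"exchange": EXCHANGES[exch], "response": response,
            "from_original_initiator": bool(flags & FLAG_INITIATOR),
            "message_id": msg_id, "next_payload": next_payload,
            "spi_i": spi_i.hex(), "spi_r": spi_r.hex()}


def sample(spi_r, next_payload, exch, flags, msg_id, body_len):
    """Build a CONSTRUCTED message: real header layout, zero-filled body."""
    return IKE_HDR.pack(bytes.fromhex("1122334455667788"), spi_r, next_payload,
                        0x20, exch, flags, msg_id, 28 + body_len) + bytes(body_len)


RESP_SPI = bytes.fromhex("99aabbccddeeff00")  # constructed value
TRACE = [  # next payload 33 = SA, 46 = Encrypted and Authenticated (SK)
    sample(bytes(8), 33, 34, FLAG_INITIATOR, 0, 200),   # IKE_SA_INIT request
    sample(RESP_SPI, 33, 34, FLAG_RESPONSE, 0, 200),    # IKE_SA_INIT response
    sample(RESP_SPI, 46, 35, FLAG_INITIATOR, 1, 180),   # IKE_AUTH request
]

if __name__ == "__main__":
    for h in map(parse_ike_header, TRACE):
        kind = "response" if h["response"] else "request"
        print(f'{h["exchange"]:<12} {kind:<8} msg_id={h["message_id"]}')
```

Messages carried on UDP port 4500 are preceded by a 4-byte non-ESP marker, which would have to be stripped before calling `parse_ike_header`.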
