Definitions of terms we use in IPsec RA VPN topics
- IKE authentication; IKE exchange
- Refers to the Phase1 IKEv2 negotiation as seen in the output of the
show vpn ike sa commandor
IKE_SAin the logs.
- Child SA
- Refers to the Phase2 IKEv2 negotiation as seen in the output of the
show vpn ipsec sa commandor
CHILD_SAin the logs.
- 1 tunnel
- Refers to one 'IKE' security association pair (2) of 'IPsec' (SAs) with two or more security policies (SPs, at least one forward, at least one reverse). So, an established tunnel would refer to a client with two SAs and two or more SPs, and a server with two SAs and two or more SPs