Definitions of terms we use in IPsec RA VPN topics
- IKE authentication; IKE exchange
  - Refers to the Phase1 IKEv2 negotiation as seen in the output of the `show vpn ike sa` command or `IKE_SA` in the logs.
- Child SA
  - Refers to the Phase2 IKEv2 negotiation as seen in the output of the `show vpn ipsec sa` command or `CHILD_SA` in the logs.
- 1 tunnel
  - Refers to one 'IKE' security association and a pair (2) of 'IPsec' SAs, with two or more security policies (SPs; at least one forward, at least one reverse). So, an established tunnel would refer to a client with two SAs and two or more SPs, and a server with two SAs and two or more SPs.