IPSec – handshake

The first stage of an IPSec session is to create a secure tunnel, which is known as a security association. In the Security+ exam this is called Internet Key Exchange (IKE). Diffie Hellman is used to set up a secure tunnel before the data is:

Figure 9: Diffie Hellman

The IKE phase of the IPSec session uses Diffie Hellman over UDP port 500 to create what is known as quick mode. This creates a secure session so that the data can flow through it.
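The Diffie Hellman exchange described above, as an added Python example that is not from the book: two peers swap only public values, each computes the same secret, and a 256-bit session key is derived from it. Assumptions: the 1024-bit Oakley Group 2 prime from RFC 2409, the hypothetical function names, and HMAC-SHA256 as a simplified stand-in for IKE's own key derivation; peer authentication and the IKE packet format are not modelled.

```python
import hashlib
import hmac
import secrets

# 1024-bit MODP prime of Oakley Group 2 (RFC 2409), generator 2.
# Chosen to keep the listing short; current guidance favours 2048-bit or larger groups.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
    "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381"
    "FFFFFFFFFFFFFFFF", 16)
G = 2


def keypair():
    """Return (private exponent, public value g^x mod p)."""
    x = secrets.randbelow(P - 3) + 2      # private, 2 <= x <= p-2
    return x, pow(G, x, P)


def shared_secret(own_private, peer_public):
    """Compute g^(xy) mod p after rejecting degenerate peer values."""
    if not 1 < peer_public < P - 1:
        raise ValueError("peer public value out of range")
    return pow(peer_public, own_private, P)


def session_key(secret, label=b"example-tunnel"):
    """Simplified stand-in for IKE key derivation: HMAC-SHA256 -> 256-bit key."""
    raw = secret.to_bytes((P.bit_length() + 7) // 8, "big")
    return hmac.new(label, raw, hashlib.sha256).digest()


def handshake():
    """Run both sides; only the two public values cross the wire."""
    a_priv, a_pub = keypair()             # initiator
    b_priv, b_pub = keypair()             # responder
    key_a = session_key(shared_secret(a_priv, b_pub))
    key_b = session_key(shared_secret(b_priv, a_pub))
    return a_pub, b_pub, key_a, key_b


if __name__ == "__main__":
    a_pub, b_pub, key_a, key_b = handshake()
    print("keys match:", key_a == key_b, "| key bits:", len(key_a) * 8)
```

The range check in `shared_secret` rejects the values 0, 1 and p-1, which would otherwise force a predictable shared secret.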

The second phase is where the data is encrypted with DES, 3DES, or AES. AES provides the most secure VPN session as it uses 128-, 192-, or 256-bit keys. There are two different IPSec modes: ...
