VPN Technologies: The Big Picture

I think it would be beneficial to have an overview of how an IPsec VPN is built so we can at least see the “big picture” before delving into the specifics.  There are essentially five main phases.  They are as follows:

1.  “Interesting Traffic” initiates the VPN process on the security appliance.

There are usually many different data streams flowing through your devices, and not all of them will be part of the VPN tunnel.  Some may be HTTP traffic, SMTP connections, etc.  The appliance needs a way to distinguish which traffic should be tunnelled and which shouldn’t.  The most common method is to use an Access Control List (ACL) or rulebase.

2.  IKE Phase 1.  IKE (Internet Key Management protocol)

IKE Phase 1 is the process that occurs when the two endpoints first establish connectivity.  Its purpose is to create a secure connection between the VPN peers over which the IKE Phase 2 security parameters can then be agreed.

3.  IKE Phase 2

Once a temporary secure connection has been formed between the two VPN peers, IKE Phase 2 will negotiate the security parameters that will be used between the two endpoints for the VPN tunnel and then periodically renegotiate them throughout the lifetime of the tunnel to ensure maximum security in the event of an attack.

4.  IPsec VPN Tunnel Established

Once IKE Phase 2 has completed both peers may now send data to each other.  As data is sent and received through the tunnel it will be encrypted and decrypted by the VPN peers using the security parameters agreed upon in IKE Phase 2.

5.  IPsec VPN Tunnel Terminated

IPsec VPN tunnels will be torn down after a specified period or by manually stopping IPsec.  The tunnel can be re-established before the timeout is reached if new security parameters are agreed again using IKE Phase 2.  This ensures a stable connection and no interruption of data flow should the timeout expire during communications.
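As an added illustration (not part of the original post), here is a small Python model of the five phases above: a constructed crypto ACL decides which flows are “interesting”, a tunnel object stands in for the IKE Phase 1/2 negotiations, and the Phase 2 security association (SA) is renegotiated shortly before its lifetime runs out so that data keeps flowing.  The prefixes, the SPI numbers, the lifetime and the REKEY_MARGIN are assumptions made for this example only.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed "crypto ACL": flows from the first prefix to the second are tunnelled;
# everything else leaves the appliance in cleartext.
CRYPTO_ACL = [
    (ip_network("10.1.0.0/24"), ip_network("10.2.0.0/24")),
]

def is_interesting(src: str, dst: str) -> bool:
    """Step 1: does this flow match the crypto ACL (i.e. is it 'interesting traffic')?"""
    s, d = ip_address(src), ip_address(dst)
    return any(s in a and d in b for a, b in CRYPTO_ACL)

@dataclass
class ChildSA:
    """Hypothetical result of IKE Phase 2: an SA identified by an SPI with an agreed lifetime (s)."""
    spi: int
    established_at: int
    lifetime: int

    def expires_at(self) -> int:
        return self.established_at + self.lifetime

class Tunnel:
    """Simplified peer state. REKEY_MARGIN (assumed) is how long before expiry we renegotiate."""
    REKEY_MARGIN = 60

    def __init__(self, lifetime: int = 3600):
        self.lifetime = lifetime
        self.sa = None          # no SA yet: no tunnel (step 4 not reached)
        self.next_spi = 0x1000  # constructed SPI counter

    def _negotiate(self, now: int) -> ChildSA:
        # Stand-in for IKE Phase 1 (first contact) and Phase 2 (parameter agreement), steps 2-3.
        self.next_spi += 1
        return ChildSA(spi=self.next_spi, established_at=now, lifetime=self.lifetime)

    def handle_packet(self, now: int, src: str, dst: str) -> str:
        """Return what happens to one packet seen at time `now` (seconds)."""
        if not is_interesting(src, dst):
            return "cleartext"                  # not part of the VPN, forwarded as-is
        if self.sa is None or now >= self.sa.expires_at():
            self.sa = self._negotiate(now)      # no SA, or it was torn down (step 5): full negotiation
            return f"negotiated spi={self.sa.spi:#x}"
        if now >= self.sa.expires_at() - self.REKEY_MARGIN:
            self.sa = self._negotiate(now)      # Phase 2 rekey before timeout: no interruption
            return f"rekeyed spi={self.sa.spi:#x}"
        return f"esp spi={self.sa.spi:#x}"      # step 4: protected with the current SA
```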
