The IKE process allows the VPN peers at both ends of
the tunnel to encrypt and decrypt packets using mutually agreed-upon
keys or certificates and a mutually agreed-upon method of encryption.
The IKE process occurs in two phases: IKE Phase 1 and IKE Phase 2.
Each of these phases uses keys and encryption algorithms
that are defined using cryptographic profiles (the IKE crypto profile
and the IPSec crypto profile), and the result of the IKE negotiation is
a Security Association (SA). An SA is a set of mutually agreed-upon
keys and algorithms that are used by both VPN peers to allow the
flow of data across the VPN tunnel. The following illustration depicts
the key exchange process for setting up the VPN tunnel:
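
The profile agreement described above can also be modelled in code. This is an added example, not code from the original page or from the vendor: it is a simplified model for checking two peers' profiles for a common proposal before a tunnel is deployed. The peer names, profile fields, algorithm names and the per-parameter selection rule (the initiator's first choice that the responder also allows) are assumptions.

```python
"""Simplified model of two-phase IKE profile agreement (added example)."""

# Constructed sample profiles. Algorithm names are illustrative and are
# listed in order of preference. "ike" stands for the IKE crypto profile
# (Phase 1), "ipsec" for the IPSec crypto profile (Phase 2).
PEER_A = {
    "ike": {"encryption": ["aes-256-cbc", "aes-128-cbc"],
            "authentication": ["sha256"],
            "dh_group": ["group20", "group14"]},
    "ipsec": {"encryption": ["aes-256-cbc"],
              "authentication": ["sha256"],
              "dh_group": ["group14"]},
}
PEER_B = {
    "ike": {"encryption": ["aes-128-cbc", "aes-256-cbc"],
            "authentication": ["sha256", "sha1"],
            "dh_group": ["group14"]},
    "ipsec": {"encryption": ["aes-256-cbc", "aes-128-cbc"],
              "authentication": ["sha256"],
              "dh_group": ["group14"]},
}
# PEER_C differs from PEER_A only in the Phase 1 DH group.
PEER_C = {
    "ike": {"encryption": ["aes-256-cbc"],
            "authentication": ["sha256"],
            "dh_group": ["group2"]},
    "ipsec": PEER_B["ipsec"],
}

def agree(initiator, responder):
    """Per parameter, pick the initiator's first choice the responder allows."""
    chosen, mismatched = {}, []
    for param, offered in initiator.items():
        common = [alg for alg in offered if alg in responder.get(param, [])]
        if common:
            chosen[param] = common[0]
        else:
            mismatched.append(param)
    return chosen, mismatched

def negotiate(initiator, responder):
    """Run Phase 1, then Phase 2 only if Phase 1 produced an SA."""
    result = {}
    for phase, profile in (("phase1", "ike"), ("phase2", "ipsec")):
        sa, mismatched = agree(initiator[profile], responder[profile])
        if mismatched:
            result[phase] = {"established": False, "mismatch": mismatched}
            break  # no SA for this phase, so later phases are not attempted
        result[phase] = {"established": True, "sa": sa}
    return result
```

Calling `negotiate(PEER_A, PEER_C)` reports the mismatched parameter for Phase 1 and contains no Phase 2 entry, which is the pattern to look for when a tunnel fails to come up because the two ends' crypto profiles share no common setting.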