
How are IKE Phase 2 messages sent?



Article ID: KB6394 | KB Last Updated: 10 Jun 2010 | Version: 3.0
IKE Phase 2 Quick Mode

Note: This article applies to ScreenOS 4.0 and higher.

IKE Phase 2 messages are sent in the following manner:

[Image of example]

Message 1 and Message 2 contain an encrypted and authenticated exchange of hashes that contain information from Phase 1. The following Phase 2 proposal list is also included:

  • Encapsulating Security Payload (ESP) or Authentication Header (AH)
  • Diffie-Hellman Group Number (0 for nopfs)
  • Encryption Algorithm
  • Authentication Algorithm
  • Key Lifetime
  • Proxy ID (Policy Rule)
  • Diffie-Hellman Public Keys (optional; sent if using PFS)

Message 3 acknowledges information sent from Quick Mode Message 2, so that a Phase 2 tunnel may be established.
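The following Python sketch is an added example, not Juniper or ScreenOS code. It computes the three Quick Mode hashes and the resulting IPsec key material with the formulas from RFC 2409, showing how the Phase 1 key SKEYID_a authenticates every Phase 2 message. It assumes HMAC-SHA1 as the negotiated PRF, uses constructed byte strings in place of real encoded payloads, and omits the encryption layer.

```python
import hashlib
import hmac

PROTO_ESP = 3  # IPsec DOI protocol ID for ESP


def prf(key, data):
    # PRF negotiated in Phase 1; HMAC-SHA1 is an assumption of this example.
    return hmac.new(key, data, hashlib.sha1).digest()


def hash1(skeyid_a, m_id, sa, ni, rest=b""):
    # Message 1: HASH(1) = prf(SKEYID_a, M-ID | SA | Ni [ | KE ] [ | IDci | IDcr ])
    return prf(skeyid_a, m_id + sa + ni + rest)


def hash2(skeyid_a, m_id, ni, sa, nr, rest=b""):
    # Message 2: HASH(2) = prf(SKEYID_a, M-ID | Ni_b | SA | Nr [ | KE ] [ | IDci | IDcr ])
    return prf(skeyid_a, m_id + ni + sa + nr + rest)


def hash3(skeyid_a, m_id, ni, nr):
    # Message 3: HASH(3) = prf(SKEYID_a, 0 | M-ID | Ni_b | Nr_b)
    return prf(skeyid_a, b"\x00" + m_id + ni + nr)


def keymat(skeyid_d, spi, ni, nr, length, dh_secret=b""):
    # KEYMAT = prf(SKEYID_d, [ g(qm)^xy | ] protocol | SPI | Ni_b | Nr_b),
    # extended as K1 | K2 | ... with Kn = prf(SKEYID_d, Kn-1 | seed).
    # dh_secret is empty without PFS and holds the new DH result with PFS.
    seed = dh_secret + bytes([PROTO_ESP]) + spi + ni + nr
    out, block = b"", b""
    while len(out) < length:
        block = prf(skeyid_d, block + seed)
        out += block
    return out[:length]


def responder_accepts(skeyid_a, m_id, sa, ni, rest, received_hash):
    # The responder recomputes HASH(1) with its own Phase 1 SKEYID_a.
    return hmac.compare_digest(hash1(skeyid_a, m_id, sa, ni, rest), received_hash)


# Constructed sample values (not captured traffic, not real payload encodings).
SKEYID_A, SKEYID_D = b"A" * 20, b"D" * 20
M_ID, NI, NR = b"\x12\x34\x56\x78", b"\x01" * 16, b"\x02" * 16
SA = b"esp/3des/sha1/lifetime=3600"   # stand-in for the encoded SA payload
IDS = b"10.1.1.0/24|10.2.2.0/24"      # stand-in for IDci | IDcr (proxy ID)
```

Because the SPI is part of the KEYMAT input and each direction has its own SPI, the inbound and outbound SAs receive different keys from the same exchange.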
