Phase 2 Exchange (System Administration Guide: IP Services)

System Administration Guide: IP Services

Previous: Phase 1 Exchange
Next: Negotiating IKE

Phase 2 Exchange

The Phase 2 exchange is known as Quick Mode. In the Phase 2 exchange, IKE creates and manages the IPsec SAs between hosts running the IKE daemon. IKE uses the secure channel that was created in Phase 1 to protect the transmission of keying material. The IKE daemon creates the keys from a random number generator (/dev/random), refreshes them at a configurable rate, and provides the keying material to algorithms specified in the IPsec policy configuration file.

Previous: Phase 1 Exchange
Next: Negotiating IKE