I don't know about your PIX questions, but the difference between IKE and IPSec is easy. IKE is the key exchange protocol. It is used to pick a transform set to use, what encryption protocol, what key length, etc. It also is used to actually share the symmetric keys used in ESP (one of the IPSec methods). IPSec is the "data" channel, it is the protocol that is used to actually transmit data between two peers. You can think of IKE as the control channel in FTP, and IPSec (AH and/or ESP) as the data channel.
Fred Reimer - CCNA Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338 Phone: 404-847-5177 Cell: 770-490-3071 Pager: 888-260-2050 NOTICE; This email contains confidential or proprietary information which may be legally privileged. It is intended only for the named recipient(s). If an addressing or transmission error has misdirected the email, please notify the author by replying to this message. If you are not the named recipient, you are not authorized to use, disclose, distribute, copy, print or rely on this email, and should immediately delete it from your computer. -----Original Message----- From: Vijay M [mailto:[EMAIL PROTECTED] Sent: Saturday, August 02, 2003 11:23 AM To: [EMAIL PROTECTED] Subject: Re: IPSec and IKE [7:23599] hello, I want to know that i am already having IPsec VPN connectivity with 2 different PIX 515s, can i have 1 more connection onto the same PIX515. I mean these commands:- crypto ipsec transform-set TRANS_ESP_DES_SHA esp-des esp-md5-hmac crypto ipsec transform-set vcustomer esp-3des esp-md5-hmac crypto map fingerhut 1 ipsec-isakmp crypto map fingerhut 1 match address 1 crypto map fingerhut 1 set peer a.b.c.d crypto map fingerhut 1 set transform-set vcustomer crypto map fingerhut 2 ipsec-isakmp crypto map fingerhut 2 match address 2 crypto map fingerhut 2 set peer x.y.z.a crypto map fingerhut 2 set transform-set vcustomer crypto map fingerhut interface outside isakmp enable outside isakmp key ******** address a.b.c.d netmask 255.255.255.255 no-xauth no-co nfig-mode isakmp key ******** address x.y.z.a netmask 255.255.255.255 no-xauth no-c onfig-mode isakmp identity address isakmp policy 1 authentication pre-share isakmp policy 1 encryption 3des isakmp policy 1 hash md5 isakmp policy 1 group 1 isakmp policy 1 lifetime 1000 ""Theodore stout"" wrote in message news:[EMAIL PROTECTED] > Personally speaking I am confused too. I am a CCSE and passed MCNS with > perfect points on both on the IPSEC section and I still don't understand it > perfectly. I can use the isakmp, crypto, and FW-1 commands effortlessly yet > I really still don't know what the real difference is between IPSEC and > IKE. I even read that like 70 page file from Cisco, deploying IPSec blah > blah and I was just more confused. What I do really understand it ESP and > AH. That is really clear and necessary to understand for transform sets. > > Watch me get a perfect on this section tomorrow on the Advanced PIX and > still not really have a clue! > > Peace > > Theo **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=73419&t=23599 -------------------------------------------------- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
