Two IPSec peers establish inbound and outbound SAs to form a secure IPSec tunnel through which data packets are transmitted securely over the Internet.
Table 1 lists IPSec configuration tasks.
| Scenario | Description | Task |
|---|---|---|
| Using an ACL to establish an IPSec tunnel | An ACL defines data flows to be protected by an IPSec tunnel. You need to configure an IPSec policy and apply it to an interface to protect data communication. You can use an ACL to establish an IPSec tunnel in manual mode or IKE negotiation mode. SAs can be established in either of the following modes: | |
| Using tunnel interfaces to establish an IPSec tunnel | An IPSec tunnel is established between tunnel interfaces based on routes. In this mode, routes determine the data flows to be protected. You need to configure an IPSec profile and apply it to IPSec tunnel interfaces to protect IPSec packets. All the packets routed to the IPSec tunnel interfaces are protected by IPSec. | Using a Virtual Tunnel Interface to Establish an IPSec Tunnel-CLI |
In manual mode, an ACL is used to establish an IPSec tunnel. In other modes, SAs are generated through IKE negotiation to establish an IPSec tunnel and an IKE peer needs to be configured and referenced.