Newbie: VPN Phases 1 and 2-need clear explanation

Hi all,

First of all, sorry for my long post. I am new to the security field, with Juniper as my first product. Before getting hands on, I want to know the clear picture involved in both the phases of VPN. I have browsed through several articles, and let me post my inferences on the VPN. Please correct me wherever I go wrong.

Considering the IKE phase with Main mode, there are 6 packets (three 2-way exchanges) involved in forming a tunnel:

1st exchange: Both the peers exchange their encryption (DES, 3DES, AES) and authentication algorithms (MD5, SHA1) and arrive at a conclusion.

2nd exchange: The Diffie-Hellman shared secret is computed by exchanging the public keys. In this exchange itself, the encryption keys (DES, 3DES, AES) and authentication keys (MD5, SHA1) are negotiated. This negotiation is encrypted by the shared secret and decrypted by the respective private keys at the gateways. And both the ends should possess the same keys, since it is going to be symmetric.

3rd exchange: Both the gateways authenticate themselves to each other. Assuming a pre-shared key authentication mechanism (let me not dive into digital certificates or PKI at this level), how does it take place? I mean, how is the pre-shared secret compared at both the ends? My opinion is that the pre-shared secret is hashed and encrypted by the private key. So at the receiving end it is decrypted by the Diffie-Hellman shared secret, and now it has a hashed value of the pre-shared secret. This receiving gateway then hashes the pre-shared secret on its side and compares it with the received one. If it matches, then authenticity is guaranteed.

Please correct me for errors, if any. Also, what actually happens in Phase 2? Apart from the ESP/AH negotiations in Phase 2, what else is there?

Will be rejoiced if someone corrects me.
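As an added illustration (not part of the original post), the Python below simulates the three main-mode exchanges of RFC 2409 with pre-shared-key authentication: the Diffie-Hellman public values and nonces travel in the clear, the pre-shared key itself is never transmitted, and each gateway proves it holds the key by sending HASH_I / HASH_R keyed with SKEYID = prf(PSK, Ni | Nr), which the peer recomputes from the same inputs and compares. The DH group, cookies, identities and SA payload bytes are constructed placeholders, and the encryption of the third exchange under SKEYID_e is left out.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group, constructed for this illustration only.
# Real IKE uses the MODP groups of RFC 2409 / RFC 3526 (group 2 is 1024-bit).
P = 2**127 - 1   # a Mersenne prime, far too small for real use
G = 3

def int_to_bytes(n: int) -> bytes:
    return n.to_bytes((n.bit_length() + 7) // 8, "big")

def prf(key: bytes, data: bytes) -> bytes:
    # RFC 2409 prf: HMAC with the negotiated hash algorithm (SHA1 here).
    return hmac.new(key, data, hashlib.sha1).digest()

def dh_keypair():
    x = secrets.randbelow(P - 3) + 2      # private exponent, kept locally
    return x, pow(G, x, P)                # (x, g^x mod p) - only g^x is sent

def skeyid_psk(psk: bytes, ni: bytes, nr: bytes) -> bytes:
    # Pre-shared-key authentication: SKEYID = prf(pre-shared-key, Ni_b | Nr_b)
    return prf(psk, ni + nr)

def auth_hash(skeyid, gx_self, gx_peer, cky_self, cky_peer, sai_b, id_b):
    # HASH_I = prf(SKEYID, g^xi | g^xr | CKY-I | CKY-R | SAi_b | IDii_b)
    # HASH_R = prf(SKEYID, g^xr | g^xi | CKY-R | CKY-I | SAi_b | IDir_b)
    return prf(skeyid, gx_self + gx_peer + cky_self + cky_peer + sai_b + id_b)

def main_mode_psk(psk_initiator: bytes, psk_responder: bytes):
    """Return (dh_agrees, initiator_accepts_responder, responder_accepts_initiator)."""
    # Exchange 1: cookies and the proposal (SA payload body is a placeholder).
    cky_i, cky_r = secrets.token_bytes(8), secrets.token_bytes(8)
    sai_b = b"3DES-SHA1-DH-GROUP2"
    # Exchange 2: DH public values and nonces are sent unencrypted.
    xi, gxi = dh_keypair()
    xr, gxr = dh_keypair()
    ni, nr = secrets.token_bytes(16), secrets.token_bytes(16)
    gxi_b, gxr_b = int_to_bytes(gxi), int_to_bytes(gxr)
    # Each side computes g^xy itself; the PSK only enters through SKEYID.
    dh_agrees = pow(gxr, xi, P) == pow(gxi, xr, P)
    skeyid_i = skeyid_psk(psk_initiator, ni, nr)
    skeyid_r = skeyid_psk(psk_responder, ni, nr)
    # Exchange 3: identities plus HASH_I / HASH_R; the peer recomputes each.
    id_i, id_r = b"gw-a.example", b"gw-b.example"
    hash_i_sent = auth_hash(skeyid_i, gxi_b, gxr_b, cky_i, cky_r, sai_b, id_i)
    hash_i_expected = auth_hash(skeyid_r, gxi_b, gxr_b, cky_i, cky_r, sai_b, id_i)
    hash_r_sent = auth_hash(skeyid_r, gxr_b, gxi_b, cky_r, cky_i, sai_b, id_r)
    hash_r_expected = auth_hash(skeyid_i, gxr_b, gxi_b, cky_r, cky_i, sai_b, id_r)
    return (dh_agrees,
            hmac.compare_digest(hash_r_sent, hash_r_expected),
            hmac.compare_digest(hash_i_sent, hash_i_expected))
```

With mismatched pre-shared keys the DH step still succeeds, but both HASH_I and HASH_R fail to verify, which is exactly the failure a gateway logs as a Phase 1 authentication error.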