Post Deleted by CommunityBot
Post Locked by CommunityBot
Post Migrated Away to security.stackexchange.com by fgrieu, DrLecter, yyyyyyy, user2454, mikeazo
Post Closed as "Not suitable for this site" by fgrieu, DrLecter, yyyyyyy, user2454, mikeazo

Difference between IPSEC SA and CHILD SA

Let us consider two network entities.

 Linux1 (eth0)=============IPSEC=============Linux2 (eth0)
 192.168.1.1                                 192.168.1.2

The IPSEC tunnel is V4 over V4. When I set up this tunnel through IKE with strongSwan and run "ipsec statusall", it shows a connection between the inner IPs.

In this setup:

1) I am thinking there is only 1 tunnel. I am confused about what an IPSEC SA and a CHILD SA are. I am thinking the packets from Linux1 to Linux2 will be ESP encapsulated (if it is chosen) and the packets are supposed to go through the IPSEC tunnel.

2) Suppose there is rekeying: what is the difference between ikelifetime and ipseclifetime?

Thanks