Home Page

VPN & Cryptography

Firewalls

Email & Spam

Security Terminology

 

VPN Terminology

VPN Tutorial Guide

3DES

AES

Aggressive Mode

Authentication Header

Asymmetric Encryption

Authentication

Certification Authority

Data Integrity

DES

Diffie-Hellman

Digital Certificate

Dynamic IP addresses

Encryption

ESP

IKE Oakley & ISAKMP

IPSec

IPSec Quick Mode

L2TP

Main Mode

MD5

NAT-T

PFS

PKI

Policy-vs-Route-VPN

PPTP

Pre-Shared Key

Remote Access User

RSA

Security Association

Sha-1

Site to Site VPN

SSL VPN

Transform Sets

Tunnel mode and Transport mode

VPN client tunneling option

VPN Topologies

VPN Tunnel

 

Security Association - IPsec VPN Tutorial

 

 

 

Security Association (SA) is an agreement or a contract between two IPsec peers or endpoints. The SA contains all the information required for the two peers to exchange data securely. In particular IKE SA’s are used to specify the type of authentication and which Diffie-Hellman group to use. SA's contain the parameters that the peer VPN gateway device will use to encrypt and authenticate data.

Security Association is a one way logical connection so we need two SA’s to establish a VPN IPsec tunnel, one for inbound traffic and one for outbound traffic on each VPN gateway device.

Further Reading

Wikipedia's guide to Security Association