Policy Configuration : VPN SA Management Overview

VPN SA Management Overview
Each node in a network can exchange data by establishing a VPN tunnel or a Security Association (SA) with one or more other nodes. After a tunnel is established, the SA uses encryption and authentication keys to ensure data security and integrity.
A security key string is an encryption key that is used to encrypt and decrypt secure data. Both nodes must have the key to exchange data. For example, the announcer of the Little Orphan Show encoded the secret messages with the same key that the kids used to decode them.
Although an encrypted message cannot be read, it can still be tampered with externally. Using an authentication key prevents external tampering. An authentication key is used with a hash function that is applied to the message content; the message recipient checks the result to verify that the message was not modified in transit.
To ensure message security, it is very important that the security and authentication keys are not discovered by outside parties. Otherwise, the messages could be read in transit.
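The point above about tampering with an encrypted message can be seen in a short sketch. This is an added example, not code from the product this page documents: the keys, the function names, and the SHA-256 counter-mode keystream standing in for the tunnel's cipher are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed keys for this example; a real SA is configured with or negotiates its own.
ENC_KEY = secrets.token_bytes(32)   # security key: encrypts and decrypts
AUTH_KEY = secrets.token_bytes(32)  # authentication key: keys the hash over the message
NONCE_LEN, TAG_LEN = 16, 32         # TAG_LEN is the HMAC-SHA256 output size


def _keystream(key, nonce, length):
    # Stand-in stream cipher (SHA-256 in counter mode); illustration only.
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]


def _xor(data, stream):
    return bytes(a ^ b for a, b in zip(data, stream))


def protect(plaintext):
    """Sender: encrypt, then append a keyed hash of nonce + ciphertext."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ciphertext = _xor(plaintext, _keystream(ENC_KEY, nonce, len(plaintext)))
    tag = hmac.new(AUTH_KEY, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def decrypt_only(packet):
    """Receiver that skips the authentication check (the weak configuration)."""
    nonce, ciphertext = packet[:NONCE_LEN], packet[NONCE_LEN:-TAG_LEN]
    return _xor(ciphertext, _keystream(ENC_KEY, nonce, len(ciphertext)))


def verify_and_decrypt(packet):
    """Receiver: recompute the keyed hash and compare it before decrypting."""
    body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(AUTH_KEY, body, hashlib.sha256).digest()
    if len(packet) < NONCE_LEN + TAG_LEN or not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: message modified in transit")
    return decrypt_only(packet)


def modify_in_transit(packet, offset):
    """Simulate a change on the wire: one bit of the ciphertext is altered."""
    changed = bytearray(packet)
    changed[NONCE_LEN + offset] ^= 0x01
    return bytes(changed)
```

Without the check, the altered packet still decrypts to a plausible but different message and raises no error; with the check, the receiver rejects it before any decryption takes place.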