The given statement, “IPsec SA and IKE SA are same”, is False.

• IPsec SA and IKE SA are not the same.

• In the network layer, a logical connection is created between any two network entities before transmitting the IPsec datagrams. This logical connection is known as an IPsec security association (IPsec SA).

• For a large virtual private network (VPN), it is impractical to enter all the SA information manually into the Security Association Databases (SADs) of the IPsec entities (routers). To overcome this problem, an automated mechanism is provided to create SAs. This mechanism is known as the Internet Key Exchange (IKE) protocol.

• IKE is similar to the SSL handshake, and it establishes an SA in two phases. In the first phase, the two IPsec entities exchange two message pairs. The first message exchange creates a bi-directional IKE SA, which provides a secure channel between the two IPsec entities for establishing an SA.

• The messages required to establish the SA are exchanged over the secured IKE SA channel.
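The distinction above as a simplified model, added here as an illustration and not part of the original answer: phase 1 yields one bi-directional IKE SA per router pair, and phase 2 uses it to install IPsec SAs in each router's SAD without manual entry. The class and function names, the SPI index, the one-SA-per-direction layout and the HMAC-based key derivation are assumptions of this sketch, and a random value stands in for the key material a real IKE exchange would negotiate.

```python
import hashlib, hmac, os
from dataclasses import dataclass, field

@dataclass
class IkeSA:                 # bi-directional control channel, one per peer pair
    peers: frozenset
    key: bytes

@dataclass
class IpsecSA:               # protects datagrams in ONE direction; lives in the SAD
    spi: int                 # index used to look the SA up in the SAD
    src: str
    dst: str
    key: bytes

@dataclass
class Router:
    name: str
    ike_sas: dict = field(default_factory=dict)   # peer name -> IkeSA
    sad: dict = field(default_factory=dict)       # SPI -> IpsecSA

def phase1(a, b):
    """Phase 1: create the single bi-directional IKE SA shared by both routers."""
    # Assumption: a random value stands in for the negotiated key material.
    sa = IkeSA(frozenset((a.name, b.name)), os.urandom(32))
    a.ike_sas[b.name] = b.ike_sas[a.name] = sa
    return sa

def phase2(a, b):
    """Phase 2: use the IKE SA to create one IPsec SA per direction."""
    ike = a.ike_sas.get(b.name)
    if ike is None:
        raise RuntimeError("no IKE SA with peer: phase 1 must run first")
    nonce = os.urandom(16)
    created = []
    for src, dst in ((a, b), (b, a)):
        spi = int.from_bytes(os.urandom(4), "big")
        label = f"{src.name}>{dst.name}".encode() + nonce
        key = hmac.new(ike.key, label, hashlib.sha256).digest()
        sa = IpsecSA(spi, src.name, dst.name, key)
        src.sad[spi] = dst.sad[spi] = sa       # installed automatically, not by hand
        created.append(sa)
    return created

if __name__ == "__main__":
    r1, r2 = Router("R1"), Router("R2")
    phase1(r1, r2)
    print([(s.src, s.dst, hex(s.spi)) for s in phase2(r1, r2)])
    print(len(r1.ike_sas), "IKE SA;", len(r1.sad), "IPsec SAs in R1's SAD")
```

Running phase 2 a second time adds fresh IPsec SAs to the SADs while the IKE SA stays the same single object, which is the practical sense in which the two kinds of SA differ.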

