The IPsec Phase-2 Security Association Table.
This table identifies the structure (in terms of
component SAs) of each active Phase-2 IPsec tunnel.
This table contains an entry for each active and
expiring security association and maps each entry
in the active Phase-2 tunnel table (ipSecTunTable)
into a number of entries in this table.
SA contains the information negotiated by IKE. The SA
is like a contract laying out the rules of the VPN
connection for the duration of the SA. An SA is assigned
a 32-bit number that, when used in conjunction with the
destination IP address, uniquely identifies the SA. This
number is called the Security Parameters Index or SPI.
IPSec SAs area unidirectional and they are unique in
each security protocol. A set of SAs are needed for a
protected data pipe, one per direction per protocol.