Hello Rahul
The encryption algorithm negotiated in phase 1 is only used in the phase 1 (ISAKMP) tunnel. The encryption algorithm used in phase 2 can be different, and is applied to the phase 2 (IPSec) tunnel. This can be seen in the implementation in the following lesson, where AES is used for the phase 1 tunnel, and esp-aes OR esp-sha-hmac encryption parameters are used for the phase 2 tunnel.
In the configuration in the lesson, the keys established in phase 1 are indeed used to apply the encryption in the phase 2 tunnel. This is common practice. These keys are called “keying material”, which is a general and fancy term for “secret keys”. The encryption algorithms use these keys to generate the encryption on the data itself. However, IPSec does allow for the creation of new and different keys from those generated in phase 1 for encryption of phase 2, and this is achieved by performing an additional key exchange.
Keep in mind that each tunnel (Phase 1 and Phase 2) contains discrete and independent procedures to allow the tunnels to be established. For phase 1, the authentication which takes place is to establish the phase 1 tunnel. This is achieved using either pre-shared keys or digital certificates.
For phase 2, authentication algorithms available are MD5 or SHA, and must be configured independently of that of the phase 1 tunnel.
I hope this has been helpful!
Laz
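
An added example (not part of the reply above or of the lesson it refers to) showing how IKEv1 quick mode derives phase 2 keys from phase 1 keying material as defined in RFC 2409 section 5.5, with and without the additional key exchange (PFS). The HMAC-SHA1 prf, the AES-128 plus HMAC-SHA1 key lengths, the key layout and every sample value are assumptions constructed for illustration.

```python
import hashlib
import hmac

PROTO_IPSEC_ESP = 3  # protocol ID for ESP in the IPsec DOI (RFC 2407)

def prf(key: bytes, data: bytes) -> bytes:
    """Assumption: phase 1 negotiated SHA-1, so the prf is HMAC-SHA1."""
    return hmac.new(key, data, hashlib.sha1).digest()

def derive_keymat(skeyid_d, spi, ni_b, nr_b, length, pfs_secret=b""):
    """KEYMAT = prf(SKEYID_d, [g(qm)^xy |] protocol | SPI | Ni_b | Nr_b),
    expanded block by block (K1, K2, ...) until `length` bytes exist."""
    seed = pfs_secret + bytes([PROTO_IPSEC_ESP]) + spi + ni_b + nr_b
    block, keymat = b"", b""
    while len(keymat) < length:
        block = prf(skeyid_d, block + seed)  # K1 uses the seed alone
        keymat += block
    return keymat[:length]

def split_keys(keymat, enc_len=16):
    """Assumed layout: encryption key first, then the integrity key."""
    return keymat[:enc_len], keymat[enc_len:]

# Constructed sample values, not taken from any real negotiation.
SKEYID_D = bytes(range(20))                # phase 1 keying material
NI_B, NR_B = b"\x11" * 16, b"\x22" * 16    # quick mode nonces
SPI_IN, SPI_OUT = bytes.fromhex("1000a001"), bytes.fromhex("2000b002")
QM_DH_SECRET = b"\x33" * 32                # stands in for g(qm)^xy with PFS
KEY_LEN = 16 + 20                          # AES-128 key + HMAC-SHA1 key

def demo():
    """Return KEYMAT for inbound/outbound SAs without PFS, and inbound with PFS."""
    no_pfs_in = derive_keymat(SKEYID_D, SPI_IN, NI_B, NR_B, KEY_LEN)
    no_pfs_out = derive_keymat(SKEYID_D, SPI_OUT, NI_B, NR_B, KEY_LEN)
    pfs_in = derive_keymat(SKEYID_D, SPI_IN, NI_B, NR_B, KEY_LEN, QM_DH_SECRET)
    return no_pfs_in, no_pfs_out, pfs_in

if __name__ == "__main__":
    for label, km in zip(("in, no PFS", "out, no PFS", "in, PFS"), demo()):
        enc, auth = split_keys(km)
        print(f"{label:12} enc={enc.hex()} auth={auth.hex()}")
```

Without the extra exchange, each SA's keys depend only on SKEYID_d and values carried in quick mode; with it, the fresh Diffie-Hellman secret is mixed in, so the phase 2 keys no longer follow from the phase 1 secret alone.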