Security Association - VPN Tutorial
SA (Security Association)
SA is an agreement or a contract between two IPSec peers or endpoints. The SA contains all the information required for the two peers to exchange data securely. In particular IKE SA’s are used to specify the type of authentication and which Diffie-Hellman group to use. So SA's contain the parameters for peer VPN gateways will use to encrypt and authenticate data.
SA (security association) is a one way logical connection so we need two SA’s, one for inbound traffic and one for outbound traffic on each gateway.
Wikipedia's guide to Security Association