1. As we know, there are 6 steps in Main Mode and 3 steps in Aggressive Mode for the IKE SA. In Main Mode the steps are:
In steps 1 & 2 the initiating peer sends the required encryption algorithm, hash algorithm, etc. over the internet to the peer gateway. Now the peer gateway, as well as any hacker's gateway, can reply to this request. How do we avoid some fake gateway replying to this request? Maybe we cannot avoid it in this step. Please correct me if I am wrong.
In steps 3 & 4, both peers exchange DH public keys. Here also any hacker can fake the actual peer's public key and reply back to the initiator.
In steps 5 & 6, both the initiator and the actual peer generate a basic session key (using the pre-shared key, the hash algorithm, the other peer's DH public key and its own private key), and using this basic session key messages 5 & 6 are encrypted and sent to the peer. Here the initiator will get the reply from the correct peer because the basic session key is generated using the pre-shared key, which is known only to the initiator and the actual peer, and at this stage the initiator will reject all the fake replies it has received and accept the reply from the actual peer only. Am I right? Or is it some other way?
2. In Aggressive Mode we have only 3 steps, and in the very first step we send all the information to the peer. In Aggressive Mode how do we avoid the tunnel getting established with some fake gateway? Because in Aggressive Mode, in the first message itself we send everything, i.e. encryption algorithm, public keys, IP addresses. Then how do we ensure that only the correct peer replies? Is the whole message 1 also encrypted here using the basic session key?
I have gone through various documents on the above topic but I could not find answers to these very basic questions.
Can you please reply to these queries.
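The following is an added example, not part of the post above, that simulates the pre-shared-key authentication the question is about. It implements the IKEv1 phase 1 key derivation from RFC 2409 section 5 (SKEYID keyed by the PSK, then SKEYID_d/a/e from the DH secret, and HASH_R computed by the responder) and runs it once against a responder that knows the PSK and once against an impostor that does not. Assumptions: the prf is HMAC-SHA1 (i.e. SHA-1 was the negotiated hash), the DH group is the 1024-bit MODP group 2 from RFC 2409, and the SA payload body and ID payload body are constructed placeholder bytes rather than real encodings.

```python
"""IKEv1 main-mode phase 1 with pre-shared-key authentication (RFC 2409 sec. 5).

Models an initiator and a responder. The responder may hold a different PSK
(an impostor). Both always complete Diffie-Hellman, so the DH exchange alone
(messages 3 & 4) proves nothing; only a responder that knows the PSK can
produce a HASH_R (message 6) that the initiator accepts.
"""
import hashlib
import hmac
import secrets

# RFC 2409 group 2 (1024-bit MODP) prime and generator; the authentication
# logic below does not depend on the particular group chosen.
P = int("FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
        "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
        "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
        "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
G = 2
DH_LEN = (P.bit_length() + 7) // 8


def prf(key: bytes, data: bytes) -> bytes:
    """IKEv1 prf: HMAC keyed with `key` using the negotiated hash (SHA-1 assumed)."""
    return hmac.new(key, data, hashlib.sha1).digest()


def dh_keypair() -> tuple[int, int]:
    """Return (private exponent x, public value g^x mod p)."""
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)


def to_bytes(n: int) -> bytes:
    return n.to_bytes(DH_LEN, "big")


def derive_skeyid(psk: bytes, ni_b: bytes, nr_b: bytes) -> bytes:
    """SKEYID = prf(pre-shared-key, Ni_b | Nr_b): this is where the PSK enters."""
    return prf(psk, ni_b + nr_b)


def derive_keys(skeyid: bytes, gxy: bytes, cky_i: bytes, cky_r: bytes) -> tuple[bytes, bytes, bytes]:
    """SKEYID_d / SKEYID_a / SKEYID_e; SKEYID_e encrypts messages 5 & 6 in main mode."""
    skeyid_d = prf(skeyid, gxy + cky_i + cky_r + b"\x00")
    skeyid_a = prf(skeyid, skeyid_d + gxy + cky_i + cky_r + b"\x01")
    skeyid_e = prf(skeyid, skeyid_a + gxy + cky_i + cky_r + b"\x02")
    return skeyid_d, skeyid_a, skeyid_e


def hash_r(skeyid: bytes, gxr: bytes, gxi: bytes, cky_r: bytes, cky_i: bytes,
           sai_b: bytes, idir_b: bytes) -> bytes:
    """HASH_R = prf(SKEYID, g^xr | g^xi | CKY-R | CKY-I | SAi_b | IDir_b)."""
    return prf(skeyid, gxr + gxi + cky_r + cky_i + sai_b + idir_b)


def phase1_psk_exchange(initiator_psk: bytes, responder_psk: bytes) -> dict:
    """Run one main-mode exchange; report whether DH agreed and whether HASH_R verified."""
    # Messages 1 & 2: cookies and the SA proposal (constructed placeholder body).
    cky_i, cky_r = secrets.token_bytes(8), secrets.token_bytes(8)
    sai_b = b"\x00\x00\x00\x14ISAKMP-SA-PROPOSAL"

    # Messages 3 & 4: DH public values and nonces. Anyone can answer these.
    xi, gxi = dh_keypair()
    xr, gxr = dh_keypair()
    ni_b, nr_b = secrets.token_bytes(16), secrets.token_bytes(16)
    gxy_initiator = to_bytes(pow(gxr, xi, P))
    gxy_responder = to_bytes(pow(gxi, xr, P))

    # Messages 5 & 6: identities plus HASH_I / HASH_R. The responder builds
    # HASH_R from *its* SKEYID, i.e. from whatever PSK it actually holds.
    idir_b = b"\x01\x00\x00\x00" + bytes([192, 0, 2, 1])  # ID_IPV4_ADDR, constructed
    skeyid_responder = derive_skeyid(responder_psk, ni_b, nr_b)
    received_hash_r = hash_r(skeyid_responder, to_bytes(gxr), to_bytes(gxi),
                             cky_r, cky_i, sai_b, idir_b)

    # The initiator recomputes HASH_R from its own SKEYID and compares.
    skeyid_initiator = derive_skeyid(initiator_psk, ni_b, nr_b)
    expected_hash_r = hash_r(skeyid_initiator, to_bytes(gxr), to_bytes(gxi),
                             cky_r, cky_i, sai_b, idir_b)
    return {
        "dh_secret_agreed": gxy_initiator == gxy_responder,
        "responder_authenticated": hmac.compare_digest(received_hash_r, expected_hash_r),
    }


if __name__ == "__main__":
    print("genuine responder:", phase1_psk_exchange(b"correct-psk", b"correct-psk"))
    print("impostor responder:", phase1_psk_exchange(b"correct-psk", b"wrong-guess"))
```

Both runs report `dh_secret_agreed: True`, which is the point of the question: a fake gateway can answer messages 2 and 4 and complete the DH exchange, but without the PSK its HASH_R in message 6 does not verify and the initiator drops the exchange. In main mode HASH_I and HASH_R travel in messages 5 and 6 encrypted under SKEYID_e, whereas in aggressive mode message 1 carries the SA, KE, nonce and ID in the clear and the responder's HASH_R in message 2 is likewise unencrypted; the authentication check is the same, but the strength of the PSK is all that protects that exposed hash, which is why main mode with a strong PSK (or certificate authentication) is the usual recommendation.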