Is there a way to specify what mode IKE phase 1 uses? I set up a remote access VPN and, while sniffing packets, noticed ISAKMP was using Aggressive mode rather than Main mode. Is this because it is a remote access VPN connection? Is Main mode only used by the PIX for site-to-site connections?
Main mode uses three two-way exchanges between initiator and receiver.
First - the algorithms and hashes used to secure IKE comms are negotiated.
Second - a Diffie-Hellman exchange generates the shared secret keys and passes nonces to the other peer. These are signed and returned to prove identity. The shared secret is then used to generate all other encryption and authentication keys.
Third - verifies the other peer's ID to authenticate the remote peer.
Fewer exchanges with fewer packets. In the first exchange almost everything is squeezed in: IKE negotiation, DH key generation, nonce, ID packet. The receiver sends back everything that's needed to complete the exchange, then the initiator confirms the exchange.
Basically Main mode hides the identities of the peers from prying eyes. Aggressive mode exposes the peers' identities and sets up the management connection more quickly. Also, Main mode has 3 two-way exchanges of six packets and Aggressive mode uses only 2 exchanges. Pages 467-468, Cisco PIX Firewalls.
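To see the difference the answer describes on the wire, here is an added example (not from this thread, the book cited, or Cisco): a small Python parser for the fixed ISAKMP header and the cleartext payload chain, following the RFC 2408 layout (exchange type 2 = Identity Protection, which is Main mode; 4 = Aggressive; flag bit 0x01 = encrypted payloads). The three sample packets are constructed here with filler payload bodies, not real captures; the point is that the first Aggressive mode message carries SA, KE, NONCE and ID in the clear, while in Main mode the ID only appears in messages 5 and 6, which are already encrypted so the parser cannot read past the header.

```python
import struct

# ISAKMP exchange types from RFC 2408 section 3.1; type 2 is what Cisco calls
# Main mode, type 4 is Aggressive mode.
EXCHANGE_TYPES = {
    0: "None",
    1: "Base",
    2: "Identity Protection (Main mode)",
    3: "Authentication Only",
    4: "Aggressive",
    5: "Informational",
}

# ISAKMP payload types from RFC 2408 section 3.1 (the ones seen in phase 1).
PAYLOAD_TYPES = {
    1: "SA", 4: "KE", 5: "ID", 6: "CERT", 8: "HASH",
    9: "SIG", 10: "NONCE", 11: "N", 13: "VID",
}

FLAG_ENCRYPTION = 0x01   # header flag: everything after the header is encrypted
HEADER_LEN = 28
# initiator cookie, responder cookie, next payload, version, exchange type,
# flags, message ID, total length
HEADER_FMT = "!8s8sBBBBII"


def parse_isakmp(packet: bytes) -> dict:
    """Parse the fixed ISAKMP header and, when the message is in the clear,
    walk the generic payload chain and return the payload types in order."""
    if len(packet) < HEADER_LEN:
        raise ValueError("packet shorter than ISAKMP header")
    _icookie, rcookie, next_payload, _version, exch, flags, msg_id, length = \
        struct.unpack(HEADER_FMT, packet[:HEADER_LEN])
    if length != len(packet):
        raise ValueError(f"length field {length} does not match {len(packet)} bytes")
    encrypted = bool(flags & FLAG_ENCRYPTION)
    payloads = []
    if not encrypted:
        offset, ptype = HEADER_LEN, next_payload
        while ptype != 0:
            if offset + 4 > len(packet):
                raise ValueError("truncated generic payload header")
            nxt, _reserved, plen = struct.unpack("!BBH", packet[offset:offset + 4])
            if plen < 4 or offset + plen > len(packet):
                raise ValueError("bad payload length")
            payloads.append(PAYLOAD_TYPES.get(ptype, f"type{ptype}"))
            offset, ptype = offset + plen, nxt
    return {
        "exchange_type": exch,
        "exchange": EXCHANGE_TYPES.get(exch, f"type{exch}"),
        "phase1": msg_id == 0,          # phase 1 messages carry message ID 0
        "encrypted": encrypted,
        "payloads": payloads,
        "responder_cookie_set": rcookie != b"\x00" * 8,
    }


def identity_in_clear(packet: bytes) -> bool:
    """True when an ID payload is readable in an unencrypted message, i.e. the
    peer identity is exposed to anyone sniffing the link."""
    info = parse_isakmp(packet)
    return not info["encrypted"] and "ID" in info["payloads"]


def build_isakmp(exchange_type: int, payloads, flags: int = 0,
                 rcookie: bytes = b"\x00" * 8) -> bytes:
    """Build a phase 1 ISAKMP message from (payload type, data) pairs. Used
    only to construct the sample packets below; the data is filler bytes."""
    body = b""
    for i, (ptype, data) in enumerate(payloads):
        nxt = payloads[i + 1][0] if i + 1 < len(payloads) else 0
        body += struct.pack("!BBH", nxt, 0, 4 + len(data)) + data
    first = payloads[0][0] if payloads else 0
    header = struct.pack(HEADER_FMT, b"\x11" * 8, rcookie, first, 0x10,
                         exchange_type, flags, 0, HEADER_LEN + len(body))
    return header + body


# Constructed sample packets (not real captures); payload bodies are filler.
MAIN_MODE_MSG1 = build_isakmp(2, [(1, b"\x00" * 8)])          # SA proposal only
AGGRESSIVE_MSG1 = build_isakmp(4, [(1, b"\x00" * 8), (4, b"\x01" * 16),
                                   (10, b"\x02" * 8), (5, b"\x03" * 8)])
# Main mode message 5: ID and HASH travel encrypted, so only the header is
# readable; the "payload" here stands in for the ciphertext.
MAIN_MODE_MSG5 = build_isakmp(2, [(5, b"\x04" * 16)], flags=FLAG_ENCRYPTION,
                              rcookie=b"\x22" * 8)


def describe(packet: bytes) -> str:
    """One-line summary of the kind a sniffer would print per message."""
    info = parse_isakmp(packet)
    exposed = "ID exposed" if identity_in_clear(packet) else "ID not in clear"
    return f'{info["exchange"]}: payloads={info["payloads"]} ({exposed})'


if __name__ == "__main__":
    for pkt in (MAIN_MODE_MSG1, AGGRESSIVE_MSG1, MAIN_MODE_MSG5):
        print(describe(pkt))
```

On a real capture, feed `parse_isakmp` the UDP payload of port 500 traffic; the exchange type byte alone tells you which mode the PIX negotiated (Wireshark shows the same field as "Exchange type"), and a Main mode session will show the encryption flag set from message 5 onwards, which is why its ID payloads never appear in the clear.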
We have configured the outside and inside interfaces with official IPv6 addresses, set a default route on the outside interface to our router, and we have also defined a rule, which also gets hits, to permit tcp from the inside interface to any6.
In Syslog I also se...