Phase 1 can happen in 2 modes: Main mode or Aggressive mode. Main mode starts with an instantiation of the ISAKMP Identity Protect exchange. There are 6 messages that are exchanged during this phase. The first 2 negotiate policy, the next 2 exchange DH public values, and the last 2 authenticate the DH exchange. The last 2 exchanges are encrypted.
The best answer would be to look at RFC 2409 for IKE. It has everything you ever want.
IKE really just negotiates those settings between the two hosts. Those settings are used for the IPSec tunnel. DES is a bulk encryption algorithm, MD5 is the hashing algorithm for verification, authentication, etc., and DH1 is a key exchange mechanism.
I beg to differ in this case, since to the best of my knowledge IKE also uses authentication and encryption during Main mode. I saw this when I enabled debugging for the ISAKMP process. Moreover, the encryption used by IKE could be different from what IPSec uses. IKE not only negotiates but also uses those settings.
I went back to the RFC 2409 and found out that the last 2 messages in Main Mode are in fact **authenticated** by the authentication mechanism negotiated by the parties. I request people to look into the RFC for correct details.
Hope my understanding is correct. Let me know if I'm missing anything.
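The six-message Main mode exchange discussed in this thread can be told apart on the wire from the ISAKMP fixed header alone. The following is an added example, not part of any post above: it parses the 28-byte header defined in RFC 2408 and maps each message to its stage using the encryption flag and the first payload type. It assumes pre-shared-key or signature authentication (so messages 3 and 4 begin with a KE payload); the sample datagrams are constructed with placeholder bodies, and the function names are hypothetical.

```python
import struct

# ISAKMP fixed header (RFC 2408 section 3.1): 28 bytes, network byte order.
HDR = struct.Struct("!8s8sBBBBII")
EXCHANGE = {2: "Main mode (Identity Protection)", 4: "Aggressive mode"}
PAYLOAD = {1: "SA", 4: "KE", 5: "ID", 8: "HASH", 10: "NONCE"}
FLAG_ENCRYPTED = 0x01  # E bit: payloads after the header are ciphertext

def parse_header(data):
    """Decode the fixed header; reject truncated or inconsistent input."""
    if len(data) < HDR.size:
        raise ValueError("truncated ISAKMP header")
    icookie, rcookie, nxt, ver, xchg, flags, msg_id, length = HDR.unpack_from(data)
    if length < HDR.size or length > len(data):
        raise ValueError("length field does not match datagram")
    return {"exchange": EXCHANGE.get(xchg, f"type {xchg}"),
            "first_payload": PAYLOAD.get(nxt, f"type {nxt}"),
            "encrypted": bool(flags & FLAG_ENCRYPTED),
            "responder_cookie_set": rcookie != bytes(8)}

def main_mode_stage(hdr):
    """Map a Main mode header to the three stages described in the thread."""
    if not hdr["exchange"].startswith("Main mode"):
        return "not Main mode"
    if hdr["encrypted"]:
        return "authentication (encrypted)"
    if hdr["first_payload"] == "SA":
        return "policy negotiation"
    if hdr["first_payload"] == "KE":
        return "DH public values"
    return "unknown"

def build(nxt, flags, rcookie):
    """Constructed sample: header plus 8 placeholder body bytes."""
    body = bytes(8)
    return HDR.pack(b"\x11" * 8, rcookie, nxt, 0x10, 2, flags, 0,
                    HDR.size + len(body)) + body

R = b"\x22" * 8  # constructed responder cookie
SAMPLES = [build(1, 0, bytes(8)), build(1, 0, R),   # messages 1-2
           build(4, 0, R), build(4, 0, R),          # messages 3-4
           build(5, 1, R), build(5, 1, R)]          # messages 5-6

def stages():
    return [main_mode_stage(parse_header(m)) for m in SAMPLES]

if __name__ == "__main__":
    for n, stage in enumerate(stages(), 1):
        print(f"message {n}: {stage}")
```

In a real capture the header of messages 5 and 6 stays in cleartext while everything after it is ciphertext, which is why the stage is decided from the flag rather than from the payloads.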