
IKE phase one detail problem

cychenyan
Level 1

Hi, when we configure IKE phase one, many values need to be configured, like DES, MD5, pre-shared keys and DH1. I just want to know how the values are used during IKE phase one.

For example, the pre-shared keys are used to authenticate each other, but where and how are DES, MD5 and DH1 used?

Thanks

3 Replies

mnaveen
Level 1

Hi,

Phase 1 can happen in 2 modes: Main mode or Aggressive mode. Main mode starts with an instantiation of the ISAKMP Identity Protect exchange. There are 6 messages that are exchanged during this phase. The first 2 negotiate policy; the next 2 exchange DH public values and the last 2 authenticate the DH exchange. The last 2 exchanges are encrypted.

The best answer would be to look at RFC 2409 for IKE. It has everything you ever want.

Hope you got the answer.

Naveen

mnaveen@cisco.com

mostiguy
Level 6

IKE really just negotiates those settings between the two hosts. Those settings are used for the IPSec tunnel. DES is a bulk encryption algorithm, MD5 is the hashing algorithm for verification, authentication, etc., and DH1 is a key exchange mechanism.

Hi,

I beg to differ in this case since, to the best of my knowledge, IKE also uses authentication and encryption during Main mode. I saw this when I enabled debugging for the ISAKMP process. Moreover, the encryption used by IKE could be different from what IPSec uses. IKE not only negotiates but also uses those settings.

I went back to RFC 2409 and found out that the last 2 messages in Main Mode are in fact **authenticated** by the authentication mechanism negotiated by the parties. I request people to look into the RFC for correct details.

Hope my understanding is correct. Let me know if I'm missing anything.

Cheers,

Naveen

mnaveen@cisco.com
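
Added example, not part of any post in this thread and not Cisco code: a Python walk-through of the RFC 2409 Main Mode derivations for pre-shared-key authentication, showing where the pre-shared key, MD5, DH group 1 and the DES key each enter the six messages described above. The function names, the SA and ID bodies and the 96-byte value encoding are assumptions made for the example; the DES cipher itself and the RFC's weak-key check are left out.

```python
import hashlib, hmac, secrets

# Oakley Group 1 ("DH1", 768-bit MODP) prime and generator, RFC 2409 section 6.1
P = int("FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
        "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
        "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
        "E485B576625E7EC6F44C42E9A63A3620FFFFFFFFFFFFFFFF", 16)
G = 2

def prf(key, data):
    """With no prf negotiated, IKE uses HMAC of the negotiated hash (MD5 here)."""
    return hmac.new(key, data, hashlib.md5).digest()

def enc(n):
    """Encode a group element as 96 big-endian bytes (choice made for this example)."""
    return n.to_bytes(96, "big")

def derive(psk, ni, nr, gxy, cky_i, cky_r):
    """SKEYID family for pre-shared-key authentication (RFC 2409 section 5)."""
    skeyid = prf(psk, ni + nr)                 # PSK and both nonces
    ck = cky_i + cky_r
    d = prf(skeyid, gxy + ck + b"\x00")        # SKEYID_d: keys later (phase 2) SAs
    a = prf(skeyid, d + gxy + ck + b"\x01")    # SKEYID_a: authenticates ISAKMP messages
    e = prf(skeyid, a + gxy + ck + b"\x02")    # SKEYID_e: encrypts ISAKMP messages
    return skeyid, e[:8]                       # DES key material: first 8 bytes of SKEYID_e

def main_mode(psk_i, psk_r):
    """Simulate both peers; returns (responder_accepts_HASH_I, des_key_i, des_key_r, iv)."""
    # Messages 1-2: cookies and the SA proposal (constructed placeholder bytes).
    cky_i, cky_r = secrets.token_bytes(8), secrets.token_bytes(8)
    sai_b = b"constructed SA body: DES, MD5, pre-share, group 1"
    # Messages 3-4: DH public values and nonces, sent in the clear.
    x, y = secrets.randbelow(P - 3) + 2, secrets.randbelow(P - 3) + 2
    gxi, gxr = pow(G, x, P), pow(G, y, P)
    ni, nr = secrets.token_bytes(16), secrets.token_bytes(16)
    skeyid_i, des_i = derive(psk_i, ni, nr, enc(pow(gxr, x, P)), cky_i, cky_r)
    skeyid_r, des_r = derive(psk_r, ni, nr, enc(pow(gxi, y, P)), cky_i, cky_r)
    iv = hashlib.md5(enc(gxi) + enc(gxr)).digest()[:8]   # phase 1 CBC IV material
    # Messages 5-6: identity and HASH_I are sent encrypted under the DES key.
    idii_b = b"constructed ID body: 192.0.2.1"
    body = enc(gxi) + enc(gxr) + cky_i + cky_r + sai_b + idii_b
    hash_i = prf(skeyid_i, body)                          # initiator sends this
    accepts = hmac.compare_digest(hash_i, prf(skeyid_r, body))  # responder recomputes
    return accepts, des_i, des_r, iv
```

Calling `main_mode` with two different pre-shared keys yields different DES keys on each side and a HASH_I the responder rejects, which is how a PSK mismatch surfaces at messages 5 and 6.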
