Cisco Support Community
New Member

main and aggressive mode

IKE phase 1 has two modes: main mode and aggressive mode. Do we select one of the modes during the configuration, or will both of them occur during phase 1? Thanks

2 REPLIES
Cisco Employee

Re: main and aggressive mode

Hello Ciscoforum,

Are you asking your configuration question for a specific Cisco VPN device, or is this generic?

Below is the reason I am asking you the above question.

For example:

The Cisco VPN Client supports these IPSec attributes:

• Main mode for negotiating phase one ISAKMP SAs when using digital certificates for authentication

• Aggressive mode for negotiating phase one ISAKMP SAs when using preshared keys for authentication

Regards,

Arul

Re: main and aggressive mode

It's one mode (per VPN session) or the other.

You can't usually configure which (although there are some options on the VPN3000, but you wouldn't normally change these).

PIX will initiate only Main Mode but can respond to either.

Main Mode uses three 2-packet exchanges (i.e. 6 packets in total), while Aggressive Mode uses three packets in all, so Aggressive Mode is a little faster than Main Mode, but potentially exposes more information to an eavesdropper.

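To check from a packet capture which mode a session actually negotiated, the exchange type field of the ISAKMP header (RFC 2408) can be read from each UDP/500 payload: 2 is main mode (Identity Protection), 4 is aggressive mode. The following is an added example, not part of the thread; the function names are hypothetical and the sample packets are constructed, header-only stand-ins for a real capture.

```python
import struct

# Fixed 28-byte ISAKMP header: cookies, next payload, version, type, flags, ID, length.
HEADER = struct.Struct("!8s8sBBBBII")
# IKEv1 exchange type values that belong to phase 1 (RFC 2408 / RFC 2409).
PHASE1_MODES = {2: "main", 4: "aggressive"}


def parse_isakmp_header(payload: bytes) -> dict:
    """Parse the ISAKMP header at the start of a UDP/500 payload."""
    if len(payload) < HEADER.size:
        raise ValueError("truncated ISAKMP header")
    icookie, _rcookie, _next, version, xchg, flags, msg_id, length = \
        HEADER.unpack_from(payload)
    if version >> 4 != 1:
        raise ValueError("not IKEv1 (major version %d)" % (version >> 4))
    if length < HEADER.size:
        raise ValueError("length field smaller than header")
    return {"initiator_cookie": icookie.hex(), "exchange_type": xchg,
            "encrypted": bool(flags & 0x01), "message_id": msg_id}


def phase1_modes(payloads) -> dict:
    """Return {initiator cookie: (mode, phase 1 packets seen)} per session."""
    sessions = {}
    for raw in payloads:
        try:
            hdr = parse_isakmp_header(raw)
        except ValueError:
            continue  # skip anything that is not a well-formed IKEv1 header
        mode = PHASE1_MODES.get(hdr["exchange_type"])
        if mode is None or hdr["message_id"] != 0:
            continue  # phase 2 or informational traffic (phase 1 uses ID 0)
        _, seen = sessions.get(hdr["initiator_cookie"], (mode, 0))
        sessions[hdr["initiator_cookie"]] = (mode, seen + 1)
    return sessions


def _sample(icookie: bytes, rcookie: bytes, xchg: int, flags: int = 0) -> bytes:
    """Constructed header-only packet (no payloads), for demonstration."""
    return HEADER.pack(icookie, rcookie, 1, 0x10, xchg, flags, 0, HEADER.size)


# Constructed capture: one 6-packet main mode and one 3-packet aggressive mode.
A, B, R, Z = b"A" * 8, b"B" * 8, b"R" * 8, bytes(8)
SAMPLE = ([_sample(A, Z, 2)] + [_sample(A, R, 2)] * 3
          + [_sample(A, R, 2, flags=1)] * 2
          + [_sample(B, Z, 4)] + [_sample(B, R, 4)] * 2)
```

Calling `phase1_modes(SAMPLE)` groups the packets by initiator cookie and reports the mode and packet count for each session. Traffic on UDP/4500 (NAT-T) carries a 4-byte marker before the header and would need that stripped first.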