IPSec Modes and IKE Phase 1 Explained

IPSec can operate in either Tunnel or Transport mode, with Tunnel mode being the default. Tunnel mode wraps the original packet, encrypts it, adds a new IP header and sends it to the IPSec peer. Transport mode uses the original IP header and inserts an ESP header. The two modes for IKE Phase 1 negotiation are Main Mode, which negotiates in 6 messages by exchanging policies, Diffie-Hellman keys, and authenticating the session, and Aggressive Mode, which negotiates in 3 messages by sending all needed data in the first message and responding with the selected policy and authentication request.

IPSec

IPSec can be configured to operate in two different modes, Tunnel and Transport mode.

IPSec Tunnel Mode

IPSec tunnel mode is the default mode. IPSec wraps the original packet, encrypts it, adds a new IP header and sends
it to the other side of the VPN tunnel (IPSec peer).

IPSec Transport Mode

When we use transport mode, we use the original IP header and insert an ESP header.

IKE Phase 1 Modes


Main Mode:

1) Phase 1 negotiation takes 6 messages in total.
2) The 1st message contains the ISAKMP policies, which list the encryption and authentication algorithms that the sender is willing to use.
3) The 2nd message exchanges the Diffie-Hellman public keys.
4) The 3rd message authenticates the ISAKMP session by sending the Peer ID and the hash payloads.

Aggressive Mode:

1) Phase 1 negotiation takes 3 messages in total.
2) All the data required to establish the SA (Security Association) is sent by the initiator.
3) The responder replies with the selected ISAKMP policy and an authentication request.
4) The initiator responds to the request and an SA is established.
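
The two Phase 1 modes can be told apart on the wire by the exchange type field of the fixed ISAKMP header (RFC 2408). The following added example, which is not part of the original document, parses that header from a UDP/500 payload and labels the message; `build_sample` and the header bytes it produces are constructed for illustration.

```python
import struct

# Fixed ISAKMP header (RFC 2408, section 3.1): 28 bytes, network byte order.
# initiator cookie, responder cookie, next payload, version, exchange type,
# flags, message ID, total length
ISAKMP_HEADER = struct.Struct("!8s8sBBBBII")

# IKEv1 exchange type values for the two Phase 1 modes (RFC 2408 / RFC 2409).
PHASE1_MODES = {2: "Main Mode", 4: "Aggressive Mode"}


def parse_isakmp_header(payload: bytes) -> dict:
    """Decode the fixed header at the start of a UDP/500 payload."""
    if len(payload) < ISAKMP_HEADER.size:
        raise ValueError("payload is shorter than the 28-byte ISAKMP header")
    (icookie, rcookie, next_payload, version,
     exchange_type, flags, message_id, length) = ISAKMP_HEADER.unpack_from(payload)
    if length < ISAKMP_HEADER.size:
        raise ValueError("length field is smaller than the header itself")
    return {
        "major_version": version >> 4,
        "exchange_type": exchange_type,
        "message_id": message_id,
        # The responder cookie is all zeros only in the initiator's first message.
        "first_message": rcookie == b"\x00" * 8,
    }


def classify_phase1(payload: bytes) -> str:
    """Return 'Main Mode', 'Aggressive Mode' or 'other' for one message."""
    header = parse_isakmp_header(payload)
    # Exchange types 2 and 4 only mean Main/Aggressive Mode in IKEv1.
    if header["major_version"] != 1:
        return "other"
    return PHASE1_MODES.get(header["exchange_type"], "other")


def build_sample(exchange_type: int, rcookie: bytes = b"\x00" * 8) -> bytes:
    """Constructed header-only sample (no payloads follow), IKEv1 version 1.0."""
    return ISAKMP_HEADER.pack(b"\x11" * 8, rcookie, 0, 0x10,
                              exchange_type, 0, 0, ISAKMP_HEADER.size)


if __name__ == "__main__":
    for label, etype in (("constructed-1", 2), ("constructed-2", 4)):
        print(label, classify_phase1(build_sample(etype)))
```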
