Thursday, January 25, 2018

IKEv1 DHgroup ( aggressive mode )

When deploying IKEv1 for IPSEC, it  crucial  to know the exchange for the   DHgrp needs to be defined across the proposals & the same.

In the 1st initial  contact the  IKEv1 end-point will provide his identity and dh-parameter. So if you have multiple proposals with  different DHgrp values, they will even be NOT be looked at.

IKEv1 main-mode

6  transactions (  DHexch comes at transaction 3+4 )

IKEv1 aggressive-mode

3 transactions ( DHexch happens in the 1st transaction along with the proposal )

Ken Felix

NSE ( network security expert) and Route/Switching Engineer
kfelix  -----a----t---- socpuppets ---dot---com
     ^      ^
=(  @  @ )=
        /  \

No comments:

Post a Comment