IPSEC VPN

IKE Phase 1 is ISAKMP (Internet Security Association and Key Management Protocol). It creates a private tunnel between the peers (the routers) for secure communication.

IKE Phase 2 is also known as IPsec – it creates the IPsec tunnel used for user traffic.

https://learningnetwork.cisco.com/thread/25765

http://gigacon.blogspot.com/2016/12/best-interview-questions-how-vpn-works.html

Main Mode VS Aggressive:
https://supportforums.cisco.com/t5/security-documents/main-mode-vs-aggressive-mode/ta-p/3123382

Fortigate selecting Main and Aggressive Mode:
http://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-ipsecvpn-54/Phase_1/Choosing_Main_Aggressive.htm

Basic Site-to-Site IPSec VPN (Aggressive Mode):
http://zahid-stanikzai.com/basic-site-to-site-ipsec-vpn-aggressive-mode/

IKE main mode, aggressive mode, & phase 2.

IPsec VPN, Main mode Vs Aggressive mode
http://rayas-security.blogspot.com/2013/06/ipsec-vpn-main-mode-vs-aggressive-mode.html

Conclusions
-Aggressive mode is faster than main mode
-It is generally recommended to use main mode instead of aggressive mode.
-If aggressive mode must be used, for example for performance reasons, prefer Public Key Encryption authentication.

Question and Answer:
1. When do we use main mode and aggressive mode? In which scenarios do we choose them?
A: Aggressive mode is typically used for remote access VPNs (remote users). You would also use aggressive mode if one or both peers have dynamic external IP addresses.
Main mode is used for Site-to-Site VPNs.

2. It will depend on the authentication type used:
1. In PSK mode, you have to use Aggressive mode when one side uses dynamic IP addressing.
2. In the other authentication modes, you can use either Main or Aggressive mode.
One advantage of Aggressive mode over Main mode is that it is faster.

3. Which mode is the more secure one, Main mode or Aggressive mode?
A: Main mode is secure as it negotiates the SA parameters first before authenticating, which aggressive mode does not do.
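
To check which of the modes discussed above a tunnel actually negotiates, the exchange type in the ISAKMP header of each UDP/500 packet can be read directly. The following is an added example, not code from this post or the linked articles; `classify_ike`, `audit` and the sample packets are hypothetical and constructed, and the exchange type values are those of RFC 2408 and RFC 2409.

```python
import struct

# ISAKMP header (RFC 2408): cookies, next payload, version, exchange type,
# flags, message ID, length. 28 bytes, network byte order.
HDR = struct.Struct("!8s8sBBBBII")
# IKEv1 exchange type values (RFC 2408 / RFC 2409).
MODES = {2: "phase1-main", 4: "phase1-aggressive", 5: "informational", 32: "phase2-quick"}

def classify_ike(payload: bytes) -> dict:
    """Classify one UDP/500 payload by its ISAKMP header (hypothetical helper)."""
    if len(payload) < HDR.size:
        raise ValueError("shorter than the 28-byte ISAKMP header")
    _icookie, rcookie, _next, version, xchg, flags, msg_id, length = HDR.unpack_from(payload)
    if version >> 4 != 1:
        raise ValueError("not IKEv1")
    if not HDR.size <= length <= len(payload):
        raise ValueError("length field inconsistent with payload")
    return {
        "mode": MODES.get(xchg, f"unknown({xchg})"),
        "encrypted": bool(flags & 0x01),        # E flag: payloads after the header are encrypted
        "first_message": rcookie == bytes(8),   # responder cookie is zero in the opening message
        "message_id": msg_id,                   # 0 during phase 1, non-zero for quick mode
    }

def audit(payloads) -> list:
    """Return (index, finding) for aggressive-mode or unparseable packets (hypothetical helper)."""
    findings = []
    for i, p in enumerate(payloads):
        try:
            mode = classify_ike(p)["mode"]
        except ValueError:
            findings.append((i, "malformed"))
            continue
        if mode == "phase1-aggressive":
            findings.append((i, mode))
    return findings

def _sample(xchg, flags=0, rcookie=bytes(8), msg_id=0, body=b""):
    # Constructed header bytes for the demo, not a real capture.
    return HDR.pack(b"\x11" * 8, rcookie, 1, 0x10, xchg, flags, msg_id, HDR.size + len(body)) + body

SAMPLES = [
    _sample(2),                                             # main mode, first message
    _sample(4),                                             # aggressive mode, first message
    _sample(32, flags=1, rcookie=b"\x22" * 8, msg_id=0x1234, body=b"\x00" * 8),  # quick mode
]

if __name__ == "__main__":
    for i, p in enumerate(SAMPLES):
        print(i, classify_ike(p))
    print("review:", audit(SAMPLES))
```

Feed it the UDP payloads exported from a capture of port 500; packets on UDP/4500 carry a 4-byte non-ESP marker before the header that must be stripped first.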
