Main Mode in IKEv1 uses six packets for negotiation [1]. Main Mode is the default mode for IKE phase I, which establishes a secure channel between the peers. Main Mode performs the following steps [2]:
The peers exchange their security policies and agree on a common set of parameters.
The peers generate a shared secret key using the Diffie-Hellman algorithm.
The peers authenticate each other using pre-shared keys, digital signatures, or public key encryption.

Main Mode is partially encrypted, from the point at which the shared DH key is known to both peers [2]. Main Mode provides more security than Aggressive Mode; Aggressive Mode uses only three packets for negotiation and is faster and simpler [2].

References:
[1] Check Point gateways always send main IP address as IKE Main Mode ID - Check Point Software
[2] IPsec and IKE - Check Point Software
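The packet count and the point where encryption starts can be read from the fixed ISAKMP header of each message. The Python below is an added example, not code from the original page or from Check Point; the header layout, the exchange-type values (2 for Main Mode, 4 for Aggressive Mode) and the encryption flag bit are assumptions taken from RFC 2408, and the sample packets are constructed header-only messages.

```python
import struct

# Fixed ISAKMP header (RFC 2408 section 3.1): 28 bytes, network byte order.
# Layout is an assumption taken from the RFC, not from the page.
HDR = struct.Struct("!8s8sBBBBII")
EXCHANGE = {2: "Main Mode", 4: "Aggressive Mode"}
FLAG_ENCRYPTED = 0x01  # set once the payloads are encrypted

def parse_isakmp_header(data):
    """Decode the fixed header of one IKEv1 message."""
    if len(data) < HDR.size:
        raise ValueError("truncated ISAKMP header")
    _ic, _rc, next_payload, _ver, xchg, flags, _mid, length = HDR.unpack_from(data)
    if length < HDR.size:
        raise ValueError("length field smaller than the header itself")
    return {
        "exchange": EXCHANGE.get(xchg, "unknown (%d)" % xchg),
        "next_payload": next_payload,
        "encrypted": bool(flags & FLAG_ENCRYPTED),
    }

def summarize_exchange(packets):
    """Report the mode, packet count and first encrypted message (1-based)."""
    headers = [parse_isakmp_header(p) for p in packets]
    modes = {h["exchange"] for h in headers}
    if len(modes) != 1:
        raise ValueError("packets do not belong to a single exchange type")
    first = next((i for i, h in enumerate(headers, 1) if h["encrypted"]), None)
    return {"mode": modes.pop(), "packets": len(headers), "first_encrypted": first}

def _hdr(next_payload, xchg, flags, rcookie=b"\x22" * 8):
    # Constructed header-only message: version 1.0, message ID 0.
    return HDR.pack(b"\x11" * 8, rcookie, next_payload, 0x10, xchg, flags, 0, HDR.size)

# Constructed Main Mode exchange: SA, SA, KE, KE, then ID with encryption on.
SAMPLE_MAIN = [_hdr(1, 2, 0, b"\x00" * 8), _hdr(1, 2, 0), _hdr(4, 2, 0),
               _hdr(4, 2, 0), _hdr(5, 2, 1), _hdr(5, 2, 1)]
# Constructed Aggressive Mode exchange (flags here are illustrative only).
SAMPLE_AGGRESSIVE = [_hdr(1, 4, 0, b"\x00" * 8), _hdr(1, 4, 0), _hdr(8, 4, 0)]

if __name__ == "__main__":
    for name, pkts in (("main", SAMPLE_MAIN), ("aggressive", SAMPLE_AGGRESSIVE)):
        print(name, summarize_exchange(pkts))
```

Run over a real capture, the same summary shows whether a peer negotiated Main Mode or fell back to Aggressive Mode.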