IKE Modes - Nortel Secure 4134 Configuration

Security — configuration and management

IKE modes

With IKE, the shared key negotiation is carried out in two phases.
Phase 1: main mode or aggressive mode
The intent of phase 1 is to establish the authenticated symmetric key and
create an IKE security association. This can be achieved using one of two
modes: main mode or aggressive mode.
Copyright © 2007, Nortel Networks
Main mode: Main mode provides for a powerful and flexible negotiation
mechanism involving six message exchanges between the security
gateways. It also provides identity protection for the parties involved in
the negotiation. This is normally used in site-to-site VPN applications.
Figure 11: IKE main mode
Aggressive mode: Aggressive mode provides a quicker negotiation
mechanism involving only three message exchanges. However,
aggressive mode does not provide identity protection.
Aggressive mode is normally used in remote access VPN applications.
In remote access VPN, main mode with pre-shared key cannot function
when there is a NAT in the middle. In remote-access applications, it is
best to assume that there is a NAT in the middle and to use aggressive
mode, which functions with a NAT in the middle. Most site-to-site
applications provide native reachability (that is, no NAT in the middle)
between the peers and can therefore use main mode with identity
protection.
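
The following added example (not taken from the Nortel manual) shows how to tell the two phase 1 modes apart in a packet capture and check whether the peer identity travels in the clear. It goes beyond the page by relying on the ISAKMP header layout and exchange type numbers from RFC 2408 (2 = Identity Protection, used for main mode; 4 = Aggressive); the names classify and build and the sample messages are constructed for illustration.

```python
import struct

# ISAKMP header (RFC 2408): two 8-byte cookies, next payload, version,
# exchange type, flags, message ID, total length.
HDR = struct.Struct("!8s8sBBBBII")
MODES = {2: "main", 4: "aggressive"}  # Identity Protection / Aggressive
ID_PAYLOAD = 5                        # Identification payload type
ENCRYPTED = 0x01                      # "E" bit in the flags field

def classify(msg: bytes) -> dict:
    """Return the phase 1 mode of an IKEv1 message and whether its ID is readable."""
    if len(msg) < HDR.size:
        raise ValueError("shorter than an ISAKMP header")
    _, _, nxt, version, xchg, flags, _, length = HDR.unpack_from(msg)
    if version >> 4 != 1 or length > len(msg):
        raise ValueError("not a complete IKEv1 message")
    encrypted = bool(flags & ENCRYPTED)
    seen, off = [], HDR.size
    # The payload chain can only be walked while the body is cleartext.
    while not encrypted and nxt != 0:
        if off + 4 > length:
            raise ValueError("truncated payload header")
        following, _, plen = struct.unpack_from("!BBH", msg, off)
        if plen < 4 or off + plen > length:
            raise ValueError("bad payload length")
        seen.append(nxt)
        nxt, off = following, off + plen
    return {"mode": MODES.get(xchg, "other"), "encrypted": encrypted,
            "id_exposed": ID_PAYLOAD in seen}

def build(xchg, flags, payloads, raw=b""):
    """Constructed test message: payloads is [(type, data)], raw is opaque ciphertext."""
    types = [t for t, _ in payloads] + [0]
    body = b"".join(struct.pack("!BBH", types[i + 1], 0, 4 + len(d)) + d
                    for i, (_, d) in enumerate(payloads)) + raw
    first = types[0] if payloads else ID_PAYLOAD
    return HDR.pack(b"\x11" * 8, bytes(8), first, 0x10, xchg, flags, 0,
                    HDR.size + len(body)) + body

# Constructed samples (payload contents are dummy bytes, not real proposals).
MAIN_MSG1 = build(2, 0, [(1, b"sa")])
MAIN_MSG5 = build(2, ENCRYPTED, [], raw=bytes(32))  # ID + HASH travel encrypted
AGGR_MSG1 = build(4, 0, [(1, b"sa"), (4, b"ke"), (10, b"nonce"), (5, b"peer-id")])

if __name__ == "__main__":
    for name, m in [("main 1", MAIN_MSG1), ("main 5", MAIN_MSG5), ("aggr 1", AGGR_MSG1)]:
        print(name, classify(m))
```

In main mode the Identification payload only appears in the fifth and sixth messages, after the encryption flag is set, whereas the first aggressive mode message carries it alongside the SA, key exchange and nonce payloads in cleartext.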
Nortel Secure Router 4134
Security — Configuration and Management
NN47263-600 01.02 Standard
10.0 3 August 2007
Shared key negotiation with IKE 49
