UTT HiPER 840G Advanced Configuration Manual page 148

UTT Technologies
Second exchange (messages 3 and 4): A Diffie-Hellman exchange is
performed. Each endpoint exchanges a nonce (i.e., random number).
Third exchange (messages 5 and 6): Identities of both endpoints are
exchanged and verified.
In the third exchange, identities are not transmitted in clear text. The identities are
protected by the encryption algorithm agreed upon in the first two exchanges.
In the Web UI, you can go to the VPN > IPSec > IPSec Settings page and click the Advanced Options
hyperlink to select Main from the Exchange Mode drop-down list (section 6.1.2.2).
Aggressive Mode
Aggressive mode has two exchanges with a total of three messages between the initiator
and the responder.
First message: The initiator proposes the SA, initiates a Diffie-Hellman
exchange, and sends a nonce (i.e., random number) and its IKE identity.
Second message: The responder accepts the proposed SA, authenticates
the initiator, and sends a nonce (i.e., random number), its IKE identity, and its
certificates if they are being used.
Third message: The initiator authenticates the responder, confirms the
exchange, and sends its certificates if they are being used.
The weakness of using aggressive mode is that it does not provide identity protection
because the identities of both sides are exchanged in clear text. However, aggressive
mode is faster than main mode.
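The difference in identity protection can be checked on the wire. The following is an added example, not part of the UTT manual: a small parser that reads the ISAKMP header and payload chain of an IKEv1 message and reports whether an identity payload is readable. The packets, the identity branch.example and the function names are constructed for illustration; the numeric constants are the RFC 2408 exchange and payload types.

```python
import struct

# ISAKMP (IKEv1) constants from RFC 2408: exchange types and payload types.
EXCHANGE = {2: "main", 4: "aggressive"}
PAYLOAD = {1: "SA", 4: "KE", 5: "ID", 8: "HASH", 10: "NONCE"}
FLAG_ENCRYPTED = 0x01
# Header: two cookies, next payload, version, exchange type, flags, message ID, length.
HEADER = struct.Struct("!8s8sBBBBII")


def payload(next_type, body):
    """Encode one generic payload (used only to build the constructed samples)."""
    return struct.pack("!BBH", next_type, 0, len(body) + 4) + body


def message(exchange, flags, first_type, payloads):
    """Wrap already-encoded payload bytes in an ISAKMP header."""
    return HEADER.pack(b"I" * 8, bytes(8), first_type, 0x10, exchange, flags, 0,
                       HEADER.size + len(payloads)) + payloads


def inspect_ike(packet):
    """Return (mode, readable payload names, identity_exposed) for one message."""
    if len(packet) < HEADER.size:
        raise ValueError("shorter than an ISAKMP header")
    _, _, next_type, _, exchange, flags, _, length = HEADER.unpack_from(packet)
    mode = EXCHANGE.get(exchange, f"other({exchange})")
    if flags & FLAG_ENCRYPTED:
        return mode, [], False  # payloads are ciphertext, nothing to walk
    seen, offset, end = [], HEADER.size, min(length, len(packet))
    while next_type != 0 and offset + 4 <= end:
        following, _, size = struct.unpack_from("!BBH", packet, offset)
        if size < 4 or offset + size > end:
            raise ValueError("malformed payload length")
        seen.append(PAYLOAD.get(next_type, f"type{next_type}"))
        next_type, offset = following, offset + size
    return mode, seen, "ID" in seen


# Constructed samples (not captured traffic): aggressive message 1, main messages 3 and 5.
ID_BODY = bytes([2, 17, 0x01, 0xF4]) + b"branch.example"  # FQDN identity, UDP/500
AGGRESSIVE_1 = message(4, 0, 1, payload(4, b"\0" * 8) + payload(10, b"\1" * 16)
                       + payload(5, b"\2" * 16) + payload(0, ID_BODY))
MAIN_3 = message(2, 0, 4, payload(10, b"\1" * 16) + payload(0, b"\2" * 16))
MAIN_5 = message(2, FLAG_ENCRYPTED, 5, b"\xaa" * 32)

if __name__ == "__main__":
    for name, pkt in (("aggressive 1", AGGRESSIVE_1), ("main 3", MAIN_3), ("main 5", MAIN_5)):
        print(name, inspect_ike(pkt))
```

Only the aggressive-mode message reports a readable ID payload; in main mode the identity appears only in message 5, after the encryption flag is set.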
In the Web UI, you can go to the VPN > IPSec > IPSec Settings page and click the Advanced Options
hyperlink to select Aggressive from the Exchange Mode drop-down list (section 6.1.2.2).
Note
If one of the two IPSec endpoints has a dynamic IP address, you must use aggressive
mode to establish an IPSec tunnel.
Diffie-Hellman Exchange
The Diffie-Hellman exchange is a public key cryptography protocol used for key exchange.
With Diffie-Hellman exchange, the two IPSec endpoints publicly exchange key material
over an insecure network channel to derive a shared secret key, which is never
exchanged over the insecure channel.
http://www.uttglobal.com
Chapter 10 VPN
