Product specifications
Efficient Networks® Router family Technical Reference Guide
Chapter 5: System Security
Page 5-54
Main Mode and Aggressive Mode
The router supports two Phase 1 IKE modes: main mode and aggressive mode. These modes apply only to the Phase 1 negotiations, not to the ensuing data transmission.

Main mode is used when both source and destination IP addresses are known. In main mode, only two options require definition initially—the remote peer IP address and the shared secret.

Aggressive mode is used when either the source or destination IP address could change, as with a remote modem or DSL connection. In aggressive mode, additional information must be specified at the beginning of a session. This additional information includes the remote gateway’s IP address, the local and remote peer IDs, and an ID type. This information is checked against the router’s Security Association (SA) database. If a match is found, a tunnel session can be established.
Figure 5-7: IKE Modes
[Figure: two router-to-router diagrams. Phase 1 IKE — Main Mode: Router, Router; labels: Fixed IP Address, Fixed IP Address, Shared secret. Phase 1 IKE — Aggressive Mode: Router, Router; labels: Fixed IP Address, Shared secret, Known ID (e-mail address or domain name).]
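
To confirm from a packet capture which Phase 1 mode a tunnel is actually negotiating, and which peer ID and ID type aggressive mode presents at the start of the session, the IKEv1 (ISAKMP) message can be decoded directly. The following is an added example, not code from this guide or from the router: the field layout and constants follow RFC 2408 and RFC 2407, and the function names, sample messages and the ID "branch@example.com" are constructed for illustration.

```python
import socket
import struct

# Constants from RFC 2408 (ISAKMP header, payload types) and RFC 2407 (ID types).
MODES = {2: "main", 4: "aggressive"}          # 2 = Identity Protection exchange
ID_TYPES = {1: "ID_IPV4_ADDR", 2: "ID_FQDN", 3: "ID_USER_FQDN"}
PAYLOAD_KE, PAYLOAD_ID, FLAG_ENCRYPTED = 4, 5, 0x01
HDR = struct.Struct("!8s8sBBBBII")            # 28-byte ISAKMP header

def phase1_summary(msg: bytes) -> dict:
    """Report the Phase 1 mode and any cleartext ID payload in one message."""
    if len(msg) < HDR.size:
        raise ValueError("shorter than the ISAKMP header")
    _ic, _rc, nxt, ver, xchg, flags, _mid, total = HDR.unpack_from(msg)
    if ver >> 4 != 1 or total > len(msg):
        raise ValueError("not IKEv1 or truncated")
    out = {"mode": MODES.get(xchg, f"other({xchg})"), "id_type": None, "id": None}
    if flags & FLAG_ENCRYPTED:                # payloads unreadable without the keys
        return out
    off = HDR.size
    while nxt != 0 and off + 4 <= total:      # walk the chained payloads
        cur = nxt
        nxt, _reserved, plen = struct.unpack_from("!BBH", msg, off)
        if plen < 4 or off + plen > total:
            raise ValueError("bad payload length")
        if cur == PAYLOAD_ID and plen >= 8:   # ID type, protocol, port, then data
            id_type, data = msg[off + 4], msg[off + 8:off + plen]
            out["id_type"] = ID_TYPES.get(id_type, f"type {id_type}")
            is_v4 = id_type == 1 and len(data) == 4
            out["id"] = socket.inet_ntoa(data) if is_v4 else data.decode("ascii", "replace")
        off += plen
    return out

def _payload(next_type: int, body: bytes) -> bytes:
    return struct.pack("!BBH", next_type, 0, 4 + len(body)) + body

def _message(xchg: int, first: int, payloads: bytes, flags: int = 0) -> bytes:
    return HDR.pack(b"\x11" * 8, bytes(8), first, 0x10, xchg, flags, 0,
                    HDR.size + len(payloads)) + payloads

# Constructed samples: bodies are placeholders and the SA payload is omitted.
ID_BODY = bytes([3, 0, 0, 0]) + b"branch@example.com"   # ID_USER_FQDN
AGGRESSIVE_1 = _message(4, PAYLOAD_KE,
                        _payload(PAYLOAD_ID, b"\xaa" * 16) + _payload(0, ID_BODY))
MAIN_5 = _message(2, PAYLOAD_ID, bytes(32), flags=FLAG_ENCRYPTED)

if __name__ == "__main__":
    for name, m in (("aggressive msg 1", AGGRESSIVE_1), ("main msg 5", MAIN_5)):
        print(name, phase1_summary(m))
```
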