IKE Phase 1 Main Mode Messages: Does authentication happen first or last?

Hi,

Some say the VPN peers authenticate first and then start the process of building the ISAKMP tunnel.

However, most books/blog posts say authentication happens in the 5th & 6th packets using the encrypted hash of the pre-shared key. Is this right?

So what is the correct order?

Also, tell me if digital certificates are sent in plain text or encrypted?

2 Replies

Hello.

Main mode uses a 6-step process, and authentication happens in the last steps.

In aggressive mode (3 steps), authentication happens from the very beginning, and it's recommended (safe) for PKI authentication only.

Certificates (X.509) may be a part of the message, but only open keys, so there is no risk if the message is intercepted.

Hi,

Thanks for the reply.

Do we use the shared secret generated after the 4th packet to encrypt the hash of the pre-shared keys?

Regards.
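
Added example (not part of the thread or of any poster's reply): the RFC 2409 pre-shared-key derivation for Main Mode, showing that both the key protecting messages 5 and 6 (SKEYID_e) and the authenticator HASH_I depend on the PSK, the nonces and the Diffie-Hellman result from messages 1 to 4. The toy DH prime, cookies, nonces, payload bodies and all function names are constructed for illustration, and HMAC-SHA1 is assumed as the negotiated prf.

```python
import hashlib
import hmac

# Toy DH group, constructed for illustration; real IKE uses the Oakley/MODP groups.
P, G = 2**127 - 1, 3

def prf(key: bytes, data: bytes) -> bytes:
    """RFC 2409 default prf: HMAC of the negotiated hash (SHA-1 assumed here)."""
    return hmac.new(key, data, hashlib.sha1).digest()

def to_bytes(n: int) -> bytes:
    return n.to_bytes(16, "big")

def derive(psk, ni, nr, g_xy, cky_i, cky_r):
    """SKEYID and SKEYID_e for pre-shared-key authentication (RFC 2409, section 5)."""
    skeyid = prf(psk, ni + nr)                      # binds the PSK to both nonces
    tail = g_xy + cky_i + cky_r
    skeyid_d = prf(skeyid, tail + b"\x00")
    skeyid_a = prf(skeyid, skeyid_d + tail + b"\x01")
    skeyid_e = prf(skeyid, skeyid_a + tail + b"\x02")  # protects messages 5 and 6
    return skeyid, skeyid_e

def hash_i(skeyid, g_xi, g_xr, cky_i, cky_r, sai_b, idii_b):
    """Initiator's authenticator carried in message 5."""
    return prf(skeyid, g_xi + g_xr + cky_i + cky_r + sai_b + idii_b)

def run_exchange(psk_initiator: bytes, psk_responder: bytes) -> dict:
    # Messages 1-2 (cleartext): SA proposal and cookies. Constructed sample values.
    cky_i, cky_r = b"I" * 8, b"R" * 8
    sai_b = b"constructed-SA-payload-body"
    # Messages 3-4 (cleartext): KE and nonce payloads. Fixed values for reproducibility.
    xi, xr = 0x1234567, 0x7654321
    g_xi, g_xr = to_bytes(pow(G, xi, P)), to_bytes(pow(G, xr, P))
    ni, nr = b"nonce-initiator!", b"nonce-responder!"
    g_xy_i = to_bytes(pow(int.from_bytes(g_xr, "big"), xi, P))
    g_xy_r = to_bytes(pow(int.from_bytes(g_xi, "big"), xr, P))
    # After message 4, each side derives its keys from its own copy of the PSK.
    skeyid_i, enc_i = derive(psk_initiator, ni, nr, g_xy_i, cky_i, cky_r)
    skeyid_r, enc_r = derive(psk_responder, ni, nr, g_xy_r, cky_i, cky_r)
    # Message 5: IDii and HASH_I travel under SKEYID_e; the responder recomputes HASH_I.
    idii_b = b"constructed-ID-body"
    sent = hash_i(skeyid_i, g_xi, g_xr, cky_i, cky_r, sai_b, idii_b)
    expected = hash_i(skeyid_r, g_xi, g_xr, cky_i, cky_r, sai_b, idii_b)
    return {"same_enc_key": hmac.compare_digest(enc_i, enc_r),
            "authenticated": hmac.compare_digest(sent, expected)}

if __name__ == "__main__":
    print(run_exchange(b"constructed-psk", b"constructed-psk"))
    print(run_exchange(b"constructed-psk", b"wrong-psk"))
```

With mismatched pre-shared keys the two sides derive different SKEYID_e values, so the responder cannot even decrypt message 5, which is how a PSK mismatch typically surfaces in Main Mode.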
