Virtual private networks, Part 2
4. Key exchange
  


Key exchange methods (page 4 of 11)


We've noted the two main methods of key exchange: Main Mode and Aggressive Mode. Each generates authenticated keying material from a Diffie-Hellman exchange. Main Mode must be implemented; Aggressive Mode should also be implemented. Quick Mode must be implemented to generate fresh keying material and to negotiate non-ISAKMP security services. Also, exchange types must not be switched in the middle of an exchange.

The SA payload must precede all other payloads in a phase 1 exchange.

Main Mode follows the ISAKMP Identity Protect Exchange: The first two messages negotiate policy; the next two exchange Diffie-Hellman public values and other data necessary for the exchange; and the last two messages authenticate the Diffie-Hellman Exchange.
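The two ordering rules above can be checked mechanically on captured phase 1 traffic. The following is an added example, not part of the original tutorial: the header layout and type numbers are taken from RFC 2408, while the function names (`build`, `parse`, `check_phase1`) and the sample messages are hypothetical and constructed for illustration.

```python
import struct

# Field layout and type numbers are from RFC 2408; all messages here are constructed.
SA, KE, NONCE = 1, 4, 10                  # payload types
MAIN_MODE, AGGRESSIVE = 2, 4              # Identity Protection / Aggressive exchange types
ENCRYPTED = 0x01                          # header flag: payloads are encrypted
HDR = struct.Struct("!8s8sBBBBII")        # cookies, next, version, xchg, flags, msg ID, length

def build(icookie, xchg, payloads, flags=0):
    """Assemble a constructed ISAKMP message from (payload type, body) pairs."""
    body = b""
    for i, (_, data) in enumerate(payloads):
        nxt = payloads[i + 1][0] if i + 1 < len(payloads) else 0
        body += struct.pack("!BBH", nxt, 0, 4 + len(data)) + data
    return HDR.pack(icookie, b"\0" * 8, payloads[0][0], 0x10, xchg, flags,
                    0, HDR.size + len(body)) + body

def parse(msg):
    """Return (exchange key, exchange type, payload types or None if encrypted)."""
    icookie, _, nxt, _, xchg, flags, msgid, length = HDR.unpack_from(msg)
    if length != len(msg):
        raise ValueError("header length field does not match message size")
    if flags & ENCRYPTED:
        return (icookie, msgid), xchg, None   # chain is opaque without the keys
    types, off = [], HDR.size
    while nxt:
        if off + 4 > len(msg):
            raise ValueError("truncated payload header")
        following, _, plen = struct.unpack_from("!BBH", msg, off)
        if plen < 4 or off + plen > len(msg):
            raise ValueError("payload length out of bounds")
        types.append(nxt)
        nxt, off = following, off + plen
    return (icookie, msgid), xchg, types

def check_phase1(messages):
    """List violations of the SA-first and no-switching rules in a message sequence."""
    seen, findings = {}, []
    for n, msg in enumerate(messages, 1):
        key, xchg, types = parse(msg)
        if seen.setdefault(key, xchg) != xchg:
            findings.append(f"message {n}: exchange type switched mid-exchange")
        if xchg in (MAIN_MODE, AGGRESSIVE) and types and SA in types and types[0] != SA:
            findings.append(f"message {n}: SA payload is not first")
    return findings

C = b"\x11" * 8                           # constructed initiator cookie
GOOD = [build(C, MAIN_MODE, [(SA, b"proposal")]), build(C, MAIN_MODE, [(KE, b"g^x"), (NONCE, b"Ni")])]
BAD = [build(C, AGGRESSIVE, [(KE, b"g^x"), (SA, b"proposal")]), build(C, MAIN_MODE, [(KE, b"g^y")])]
```

Exchanges are keyed on initiator cookie plus message ID, so a later Quick Mode exchange under the same cookies is not reported as a switch. The last two Main Mode messages are encrypted, so only their header fields can be checked.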

