IBM : developerWorks : Security : Education - online courses
Virtual private networks, Part 2
4. Key exchange
  


Aggressive Mode (page 5 of 11)


The first two messages in Aggressive Mode negotiate policy and exchange Diffie-Hellman public values, the ancillary data necessary for the exchange, and identities. In addition, the second message authenticates the responder. The third message authenticates the initiator and provides a proof of participation in the exchange.

The final message is not to be sent under protection of the SA. This allows each party to postpone exponentiation, if desired, until negotiation of this exchange is complete.

Security Association negotiation is limited with Aggressive Mode. For example, the group in which the Diffie-Hellman exchange is performed cannot be negotiated. Differing authentication methods may further constrain attribute negotiation. Similarly, authentication with public key encryption cannot be negotiated.

If there are situations where the richer attribute negotiation capabilities of IKE are necessary, Main Mode may be required.
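The three-message flow described above, as an added Python example that is not part of the original tutorial. It assumes pre-shared-key authentication with the SKEYID and HASH_I/HASH_R constructions from RFC 2409, HMAC-SHA256 as the prf, and a constructed toy Diffie-Hellman group; `aggressive_mode`, the identities and the group numbers are hypothetical names chosen for illustration.

```python
import hashlib, hmac, os, secrets

# Constructed toy parameters: a small prime and generator, NOT a real Oakley group.
P, G = 2**127 - 1, 5
PSK = b"constructed-pre-shared-key"

def prf(key, data):
    # HMAC-SHA256 stands in for the negotiated prf (assumption).
    return hmac.new(key, data, hashlib.sha256).digest()

def auth_hash(skeyid, own_ke, peer_ke, own_cky, peer_cky, sa, own_id):
    # RFC 2409 HASH_I / HASH_R layout: own KE | peer KE | own cookie | peer cookie | SAi_b | own ID
    ke = own_ke.to_bytes(16, "big") + peer_ke.to_bytes(16, "big")
    return prf(skeyid, ke + own_cky + peer_cky + sa + own_id)

def aggressive_mode(offered_group, responder_groups, responder_psk=PSK):
    # Message 1, initiator -> responder: SA, KE, Ni, IDii (all in the clear).
    xi, cky_i, ni = secrets.randbelow(P - 2) + 1, os.urandom(8), os.urandom(16)
    sa, id_i = bytes([offered_group]), b"initiator.example"
    ke_i = pow(G, xi, P)

    # The initiator's KE was already computed in the offered group, so the
    # responder can only accept or refuse it; there is no counter-proposal.
    if offered_group not in responder_groups:
        return "rejected: DH group not acceptable"

    # Message 2, responder -> initiator: SA, KE, Nr, IDir, HASH_R.
    xr, cky_r, nr = secrets.randbelow(P - 2) + 1, os.urandom(8), os.urandom(16)
    id_r, ke_r = b"responder.example", pow(G, xr, P)
    skeyid_r = prf(responder_psk, ni + nr)      # SKEYID for pre-shared-key auth
    hash_r = auth_hash(skeyid_r, ke_r, ke_i, cky_r, cky_i, sa, id_r)

    # Initiator checks HASH_R: message 2 authenticates the responder.
    skeyid_i = prf(PSK, ni + nr)
    expected_r = auth_hash(skeyid_i, ke_r, ke_i, cky_r, cky_i, sa, id_r)
    if not hmac.compare_digest(hash_r, expected_r):
        return "initiator: responder authentication failed"

    # Message 3, initiator -> responder: HASH_I authenticates the initiator.
    hash_i = auth_hash(skeyid_i, ke_i, ke_r, cky_i, cky_r, sa, id_i)
    expected_i = auth_hash(skeyid_r, ke_i, ke_r, cky_i, cky_r, sa, id_i)
    if not hmac.compare_digest(hash_i, expected_i):
        return "responder: initiator authentication failed"

    # Neither hash needed g^xy, so both exponentiations could wait until here.
    assert pow(ke_r, xi, P) == pow(ke_i, xr, P)
    return "established"
```

Calling `aggressive_mode(5, {1, 2})` shows the refusal path: the responder has no way to propose a different group, which is the negotiation limit the section describes.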

