Main Mode

Sep 25, 2009 by alperen


Main mode has three two-way exchanges between the peers to create the secure connection and develop the common SAs, while protecting the identities of the IPSec peers.

  • First exchange: The security algorithms and hash methods to be used to secure the IKE exchanges are agreed on to create the common IKE SA for each peer.

  • Second exchange: A DH exchange is performed to generate shared secret keying material to be used by each peer to generate shared secret keys. Nonces (pseudorandom numbers) are sent to the other peer, signed, and returned to prove their identity.

  • Third exchange: The peer’s identity is verified using the peer’s IP address or fully qualified domain name (FQDN), such as www.ciscoarticles.com, in encrypted form.

The resulting IKE SA in each peer is bidirectional and specifies IKE exchange choices for the authentication method, encryption and hash algorithms, DH group, the lifetime of the IKE SA in seconds or kilobytes, and the shared secret key values for the encryption algorithms.
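
The three two-way exchanges can be checked on the wire from the cleartext ISAKMP headers alone. The following is an added example, not part of the original article: it parses the fixed 28-byte header defined in RFC 2408 and verifies that a Phase 1 flow has six Main Mode messages whose identity messages (5 and 6) carry the encryption flag. The function names, sample cookies and sample headers are constructed for illustration.

```python
import struct

# ISAKMP fixed header per RFC 2408 (28 bytes): initiator cookie, responder
# cookie, next payload, version, exchange type, flags, message ID, length.
HDR = struct.Struct("!8s8sBBBBII")
MAIN_MODE = 2            # exchange type "Identity Protection"
FLAG_ENCRYPTED = 0x01    # set when the payloads after the header are encrypted
PAYLOAD = {1: "SA", 4: "KE", 5: "ID"}
# First payload of each of the six Main Mode messages (three two-way exchanges).
EXPECTED_FIRST = [1, 1, 4, 4, 5, 5]

def parse_header(data):
    if len(data) < HDR.size:
        raise ValueError("truncated ISAKMP header")
    icookie, _rcookie, nxt, _ver, xchg, flags, _msgid, _length = HDR.unpack_from(data)
    return {"icookie": icookie, "next": nxt, "xchg": xchg,
            "encrypted": bool(flags & FLAG_ENCRYPTED)}

def check_main_mode(packets):
    """Return findings for one Phase 1 flow; an empty list means it looks like Main Mode."""
    findings = []
    if len(packets) != 6:
        findings.append(f"expected 6 messages, saw {len(packets)}")
    headers = [parse_header(p) for p in packets[:6]]
    for n, h in enumerate(headers, start=1):
        want = EXPECTED_FIRST[n - 1]
        if h["xchg"] != MAIN_MODE:
            findings.append(f"msg {n}: exchange type {h['xchg']} is not Main Mode")
        if h["next"] != want:
            findings.append(f"msg {n}: first payload {h['next']}, expected {PAYLOAD[want]}")
        if h["encrypted"] != (n >= 5):  # only the third exchange is encrypted
            findings.append(f"msg {n}: encryption flag is {h['encrypted']}")
        if h["icookie"] != headers[0]["icookie"]:
            findings.append(f"msg {n}: initiator cookie changed")
    return findings

def sample_header(n, xchg=MAIN_MODE, encrypted=None):
    """Constructed header-only sample for message n (1..6); cookies are made up."""
    enc = (n >= 5) if encrypted is None else encrypted
    rcookie = b"\x00" * 8 if n == 1 else b"RESPONDR"
    return HDR.pack(b"INITIATR", rcookie, EXPECTED_FIRST[n - 1], 0x10, xchg,
                    FLAG_ENCRYPTED if enc else 0, 0, HDR.size)

if __name__ == "__main__":
    good = [sample_header(n) for n in range(1, 7)]
    leaky = good[:4] + [sample_header(5, encrypted=False), good[5]]
    print(check_main_mode(good))   # no findings
    print(check_main_mode(leaky))  # flags the unencrypted identity message
```

A finding on message 5 or 6 means a peer identity crossed the network in the clear, which is the property Main Mode is meant to prevent.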

