Manualshelf

TMS zl Management and Configuration Guide ST.1.0.090213

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
461462463464465466467468469470
7-13
Virtual Private Networks
IPsec VPNs
Figure 7-6. IKE Aggressive Key Exchange Mode
Aggressive mode condenses the process into three total messages—two from
the initiator and one from the respondent. Aggressive mode is quicker than
main. However, it requires endpoints to send identifying information before
exchanges are encrypted, so it is less secure.
IKE Phase 2. The goal of IKE phase 2 is to negotiate the IPsec SA. For this
reason, even though IKE carries out both phases, phase 1 is associated with
IKE policies and phase 2 with IPsec policies. Keys generated during IKE
phase 2 will secure all data exchanged over the lifetime of the IPsec SA.