Manualshelf

TMS zl Management and Configuration Guide ST.1.1.100430

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
531532533534535536537538539540
7-18
Virtual Private Networks
IPsec Concepts
Figure 7-6. IKE Aggressive Key Exchange Mode
Aggressive mode condenses the process into three total messages—two from
the initiator and one from the respondent. Aggressive mode is quicker than
main. However, it requires endpoints to send identifying information before
exchanges are encrypted, so it is less secure.
IKE Phase 2
The goal of IKE phase 2 is to negotiate the IPsec SA. For this reason, even
though IKE carries out both phases, phase 1 is associated with IKE policies
and phase 2 with IPsec policies. Keys generated during IKE phase 2 will secure
all data exchanged over the lifetime of the IPsec SA.