Main Mode and Aggressive Mode IPSEC

bharath917bharath917 Member Posts: 17 ■□□□□□□□□□
in CCNP Security
Hi,

I know we use Aggressive mode when one peer has Dynamic IP.
But why Dynamic IP cannot be used in Main Mode. I was asked this question in an Interview and i was unable to answer.

Regards,
Bharath
· Share on FacebookShare on Twitter

Comments

  • deadjoedeadjoe Member Posts: 24 ■■■□□□□□□□
    Main mode can be used with dynamic IPs.

    Aggressive mode sends IKE ID and hash in clear text (if using pre-shared key). Don't use aggressive mode, force main mode if you can. Even better, use IKEv2.
    · Share on FacebookShare on Twitter
Sign In or Register to comment.