Options
Main Mode and Aggressive Mode IPSEC
bharath917
Member Posts: 17 ■□□□□□□□□□
Hi,
I know we use Aggressive mode when one peer has Dynamic IP.
But why Dynamic IP cannot be used in Main Mode. I was asked this question in an Interview and i was unable to answer.
Regards,
Bharath
I know we use Aggressive mode when one peer has Dynamic IP.
But why Dynamic IP cannot be used in Main Mode. I was asked this question in an Interview and i was unable to answer.
Regards,
Bharath
Comments
-
Optionsdeadjoe
Member Posts: 24 ■■■□□□□□□□
Main mode can be used with dynamic IPs.
Aggressive mode sends IKE ID and hash in clear text (if using pre-shared key). Don't use aggressive mode, force main mode if you can. Even better, use IKEv2.