Re: IKE Phase1 3rd message pair


comp.security.firewalls archive

From: VANHULLEBUS Yvan <vanhu@nospam_free.fr>
Date: Mon Mar 27 2006 - 11:01:17 CEST

Volker Birk <bumens@dingens.org> writes:

> pvsnmp@yahoo.com wrote:
> > What is the purpose of the 3rd message pair in IKE Main mode Phase1
> > (messages 5 and 6)?
>
> From RFC4306:

This is the IKE V2 RFC, which doesn't include "main mode"/"aggressive mode"
concepts.

> | Subsequent exchanges MAY be used to establish
> | additional CHILD_SAs between the same authenticated pair of endpoints
> | and to perform housekeeping functions.
>

In IKE V1 (RFCs 2407, 2408, 2409), phase 1 MUST be established before
quite anything else, including phase2 ("quick mode") exchanges,
because all remaining exchanges are protected by the IsakmpSA
negotiated in phase1.

Yvan.
Received on Mon May 1 01:03:06 2006