12-28-2014 03:27 AM - edited 03-05-2019 12:27 AM
Hi,
Some say the vpn peers authenticate first and then start the process of building the ISAKMP tunnel.
However, most book/blog-posts say authentication happens in the 5th & 6th packets using the encrypted hash of the pre-shared key. Is this right?
So what is the correct order?
Also tell me if digital certificates are sent in plain text or encrypted?
12-28-2014 11:28 AM
Hello.
Main mode uses a 6-step process and authentication happens in the last steps.
In aggressive mode (3 steps) authentication happens from the very beginning and it's recommended (safe) for PKI authentication only.
Certificates (X.509) may be a part of the message; but only open-keys, so there is no risk if the message is intercepted.
12-28-2014 10:09 PM
Hi,
Thanks for the reply.
Do we use the shared secret generated after the 4th packet to encrypt the hash of the pre-shared keys?
Regards.
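The IKEv1 main-mode pre-shared-key derivation from RFC 2409 that this thread is about, as an added example that is not part of any post above: it shows which inputs feed HASH_I (the authentication value carried in packet 5) and SKEYID_e (the keying material that protects packets 5 and 6). HMAC-SHA1 as the negotiated prf is an assumption, and every byte string is a constructed stand-in for real exchange values.

```python
import hashlib
import hmac

# Constructed sample values standing in for fields of a real exchange.
NI_B, NR_B = b"initiator-nonce", b"responder-nonce"    # nonces, packets 3 and 4
G_XI, G_XR = b"initiator-dh-public", b"responder-dh-public"  # DH publics, packets 3 and 4
G_XY = b"dh-shared-secret"                              # computed locally after packet 4
CKY_I, CKY_R = b"\x11" * 8, b"\x22" * 8                 # ISAKMP cookies
SAI_B = b"sa-payload-body"                              # SA payload from packet 1
IDII_B = b"id-payload-body"                             # initiator ID, sent in packet 5


def prf(key: bytes, data: bytes) -> bytes:
    # RFC 2409: with no prf negotiated, the HMAC form of the negotiated hash is used.
    return hmac.new(key, data, hashlib.sha1).digest()


def run_exchange(psk: bytes, g_xy: bytes = G_XY) -> dict:
    """Derive the RFC 2409 values an initiator holds before sending packet 5."""
    # The pre-shared key enters here, mixed with both nonces.
    skeyid = prf(psk, NI_B + NR_B)
    # The three derived keys mix SKEYID with the Diffie-Hellman shared secret.
    skeyid_d = prf(skeyid, g_xy + CKY_I + CKY_R + b"\x00")
    skeyid_a = prf(skeyid, skeyid_d + g_xy + CKY_I + CKY_R + b"\x01")
    skeyid_e = prf(skeyid, skeyid_a + g_xy + CKY_I + CKY_R + b"\x02")
    # HASH_I is keyed by SKEYID, so it proves knowledge of the pre-shared key.
    hash_i = prf(skeyid, G_XI + G_XR + CKY_I + CKY_R + SAI_B + IDII_B)
    return {"SKEYID": skeyid, "SKEYID_d": skeyid_d, "SKEYID_a": skeyid_a,
            "SKEYID_e": skeyid_e, "HASH_I": hash_i}


if __name__ == "__main__":
    good = run_exchange(b"constructed-psk")
    bad = run_exchange(b"some-other-psk")
    for name in ("SKEYID_e", "HASH_I"):
        print(name, good[name].hex())
    # A peer holding a different pre-shared key computes a different HASH_I,
    # so the value it receives in packet 5 does not verify.
    print("HASH_I matches with wrong PSK:",
          hmac.compare_digest(good["HASH_I"], bad["HASH_I"]))
```

SKEYID_e depends on both the pre-shared key and the Diffie-Hellman secret, while HASH_I is keyed by SKEYID alone; packets 5 and 6 carry the ID and hash payloads encrypted under a key taken from SKEYID_e.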