07-15-2024 04:11 AM
Hi, I have a query.
I know aggressive mode is used in case the peer has dynamic IPs, but may I know why main mode cannot be used? Can someone please explain this?
Thanks
07-15-2024 04:31 AM
It is true that aggressive mode is used mainly if the peer is dynamic, and the reason is that main mode uses the peer IP for auth but aggressive mode uses the peer IP or peer ID for auth.
Now if the peer has a dynamic IP, we cannot use the peer IP for auth anymore, so we use the peer ID.
MHM
07-15-2024 04:36 AM
Understood, so in case of main mode, authentication happens with the help of the peer IP.
So if a client has a dynamic IP and we use aggressive mode, then each and every IP (new client's or new IP) will be validated using the peer ID.
Please correct me if I am wrong.
07-15-2024 04:45 AM
Correct.
To solve this issue of using main mode with a dynamic peer IP, most vendors use an isakmp key with address 0.0.0.0.
This way, even if the peer IP changes, it does not affect IPsec.
MHM
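Background for the two answers above, as an added example that is not from any poster or vendor: with pre-shared keys, RFC 2409 derives the key that encrypts main mode messages 5 and 6 from the PSK itself, and the peer ID travels inside message 5, so the responder has to pick the PSK from the source address (or a 0.0.0.0 entry) before it can read the ID, while aggressive mode sends the ID unencrypted in message 1. HMAC-SHA1 as the prf, the XOR keystream standing in for the negotiated cipher, the `ID:` marker and every sample value are assumptions made for this sketch.

```python
import hashlib
import hmac

def prf(key, data):
    # HMAC-SHA1 as the negotiated prf (assumption for this example).
    return hmac.new(key, data, hashlib.sha1).digest()

def skeyid_e(psk, ni, nr, gxy, cky_i, cky_r):
    # RFC 2409 section 5, pre-shared key authentication: everything hangs off the PSK.
    skeyid = prf(psk, ni + nr)
    tail = gxy + cky_i + cky_r
    skeyid_d = prf(skeyid, tail + b"\x00")
    skeyid_a = prf(skeyid, skeyid_d + tail + b"\x01")
    return prf(skeyid, skeyid_a + tail + b"\x02")

def toy_cipher(key, data):
    # Stand-in for the negotiated cipher (XOR keystream, self-inverse). Not real crypto.
    stream = b""
    while len(stream) < len(data):
        stream += hashlib.sha256(key + bytes([len(stream) // 32])).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def main_mode_responder(psk_by_addr, src_ip, encrypted_id, ctx):
    # Message 5 is encrypted, so the PSK must be chosen from the source address alone.
    psk = psk_by_addr.get(src_ip) or psk_by_addr.get("0.0.0.0")
    if psk is None:
        return None  # no key for this address: the ID can never be read
    plain = toy_cipher(skeyid_e(psk, *ctx), encrypted_id)
    return plain[3:].decode() if plain.startswith(b"ID:") else None

def aggressive_mode_responder(psk_by_id, clear_id):
    # Message 1 carries the ID unencrypted, so the ID itself selects the PSK.
    return psk_by_id.get(clear_id)

# Constructed sample values (nonces, DH secret, cookies, PSK, addresses, ID).
CTX = (b"Ni-sample", b"Nr-sample", b"gxy-sample", b"CKY-I\0\0\0", b"CKY-R\0\0\0")
PSK = b"constructed-psk"

def demo():
    msg5 = toy_cipher(skeyid_e(PSK, *CTX), b"ID:branch1.example")
    per_ip = {"198.51.100.10": PSK}
    return {
        "main, per-IP key, known address": main_mode_responder(per_ip, "198.51.100.10", msg5, CTX),
        "main, per-IP key, new address": main_mode_responder(per_ip, "203.0.113.77", msg5, CTX),
        "main, 0.0.0.0 key, new address": main_mode_responder({"0.0.0.0": PSK}, "203.0.113.77", msg5, CTX),
        "aggressive, key by ID": aggressive_mode_responder({"branch1.example": PSK}, "branch1.example") == PSK,
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```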
07-15-2024 04:45 AM
Could you also explain or share some docs with me to learn more about when the peer IP is used for auth in aggressive mode and when the peer ID is used?