Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
619
Views
5
Helpful
1
Replies

Question regarding IPSEC

Efraim
Level 1
Level 1

‎12-22-2019 03:02 PM - edited ‎02-21-2020 09:49 PM

Hello,

I read this explanation about IPSEC and I have two questions :)

First: if we using Aggressive Mode in phase 2, a potential hacker will see who formed the IPSEC SA. How critical is it? 

Second: I know that in IPSEC there are 2 tunnel types - Tunnel Mode (default mode) and Transport mode. Can I say that it is part of IKE phase 1 > Encryption? or does it belong to IKE phase 2? In none of the explanation about IKE phase 1 & 2 I couldn't find any information about that.

 

Thank you! 

Labels:
0 Helpful
1 Reply 1

Rob Ingram
VIP
VIP

‎12-22-2019 03:20 PM

Hi,
The IKE SA is very important. Aggressive mode is rarely used, only in legacy remote access VPNs. If using IKEv1 then Main Mode would likely be used. Aggressive mode can be disabled on the ASA/router. You can use IKEv2 instead of IKEv1, which is more secure and does not use aggressive mode or main mode.

The tunnel types are part of the IPSec SA (Phase 2). For example, on a Cisco IOS Router the tunnel mode is defined under the IPSec transform set, which is used to define the encryption/hashing algorithms used for the IPSec SA.

HTH
Customers Also Viewed These Support Documents