Main Mode and Aggressive Mode IPSEC

bharath917bharath917 Posts: 17Member ■□□□□□□□□□
Hi,

I know we use Aggressive mode when one peer has Dynamic IP.
But why Dynamic IP cannot be used in Main Mode. I was asked this question in an Interview and i was unable to answer.

Regards,
Bharath

Comments

  • deadjoedeadjoe Posts: 19Member ■■□□□□□□□□
    Main mode can be used with dynamic IPs.

    Aggressive mode sends IKE ID and hash in clear text (if using pre-shared key). Don't use aggressive mode, force main mode if you can. Even better, use IKEv2.
Sign In or Register to comment.