Forum Replies

  1. tkalis says:


    Hi. Just to confirm I am reading this correctly: for IKE Phase I, the ISAKMP process is used to build the secure tunnel for Phase II, but in and of itself it is not securing the information/parameters/values exchanged under Phase I?

  2. Hi Thomas,

    That’s right, when you use main mode you can see that the first 4 messages (with all the parameters) are sent in clear text. Take a look at this Wireshark capture:

    IKEv1 main mode


  3. Hi Rene,

    Am I right about DH if I say:
    I configured PSK on both sides, then DH uses its own (different) key to secure the configured PSK and it will do the exchange?

  4. Thanks Laz that was helpful.

  5. Great article Rene.

    Just wondered if you could explain this:

    Initiation: something has to trigger the creation of our tunnels. For example when you configure IPsec on a router, you use an access-list to tell the router what data to protect. When the router receives something that matches the access-list, it will start the IKE process. It’s also possible to manually initiate the tunnel.

    How can you manually initiate the tunnel, without any interesting traffic?
