  1. Hi Thomas,

    That’s right, when you use main mode you can see that the first 4 messages (with all the parameters) are sent in clear text. Take a look at this Wireshark capture:

    IKEv1 main mode


  2. Hi Francesco,

    DH is used to generate a shared private key over an insecure network (like the Internet). Here’s an example of the different DH groups:

    Diffie-Hellman group 1 - 768 bit modulus
    Diffie-Hellman group 2 - 1024 bit modulus
    Diffie-Hellman group 5 - 1536 bit modulus
    Diffie-Hellman group 14 - 2048 bit modulus
    Diffie-Hellman group 19 - 256 bit elliptic curve
    Diffie-Hellman group 20 - 384 bit elliptic curve
    Diffie-Hellman group 21 - 521 bit elliptic curve

    The higher the DH group number, the more secure the exchange will be.

    Here’s an interesting link f

  3. Hi Rene,

    Am I right about DH if I say:
    I configured PSK on both sides, then DH uses its own (different) key to secure the configured PSK and it will do the exchange?
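
How the pre-shared key and the DH result are combined in IKEv1 main mode, following the key derivation in RFC 2409 section 5. This is an added example, not part of any post in this thread. Assumptions: the prf is HMAC-SHA256, the DH prime is a small constructed toy value rather than a real IKE group, and all function names are hypothetical.

```python
import hashlib
import hmac
import secrets

# Constructed toy DH parameters to keep the example short. A real peer uses the
# prime of the negotiated group (for example the 2048-bit modulus of group 14).
P = 2**127 - 1
G = 3

def prf(key: bytes, data: bytes) -> bytes:
    """IKEv1 prf: HMAC of the negotiated hash (SHA-256 assumed here)."""
    return hmac.new(key, data, hashlib.sha256).digest()

def derive_keys(psk, ni, nr, g_xy, cky_i, cky_r):
    """RFC 2409 section 5 key derivation for pre-shared key authentication."""
    # The PSK is never sent. It is only the prf key, mixed with both nonces.
    skeyid = prf(psk, ni + nr)
    # The DH shared secret g^xy enters every key derived from SKEYID.
    tail = g_xy.to_bytes((P.bit_length() + 7) // 8, "big") + cky_i + cky_r
    skeyid_d = prf(skeyid, tail + b"\x00")             # keys for phase 2 SAs
    skeyid_a = prf(skeyid, skeyid_d + tail + b"\x01")  # ISAKMP authentication
    skeyid_e = prf(skeyid, skeyid_a + tail + b"\x02")  # ISAKMP encryption
    return {"SKEYID": skeyid, "SKEYID_d": skeyid_d,
            "SKEYID_a": skeyid_a, "SKEYID_e": skeyid_e}

def main_mode_demo(psk_initiator: bytes, psk_responder: bytes):
    """Simulate both peers; return (initiator_keys, responder_keys)."""
    # Cookies come from the ISAKMP headers of the first messages.
    cky_i, cky_r = secrets.token_bytes(8), secrets.token_bytes(8)
    # Messages 3 and 4 (clear text): DH public values and nonces.
    x = secrets.randbelow(P - 3) + 2   # initiator's DH private value
    y = secrets.randbelow(P - 3) + 2   # responder's DH private value
    gx, gy = pow(G, x, P), pow(G, y, P)
    ni, nr = secrets.token_bytes(16), secrets.token_bytes(16)
    # Each side computes g^xy from its own private value and the peer's public one.
    initiator = derive_keys(psk_initiator, ni, nr, pow(gy, x, P), cky_i, cky_r)
    responder = derive_keys(psk_responder, ni, nr, pow(gx, y, P), cky_i, cky_r)
    return initiator, responder

if __name__ == "__main__":
    i, r = main_mode_demo(b"constructed-psk", b"constructed-psk")
    print("matching PSK, keys agree:", i == r)
    i, r = main_mode_demo(b"constructed-psk", b"other-psk")
    print("mismatched PSK, SKEYID_e agrees:", i["SKEYID_e"] == r["SKEYID_e"])
```

With a mismatched PSK the two peers derive different SKEYID_e values, so the encrypted messages 5 and 6 cannot be decrypted by the other side and authentication fails.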

  4. Hello Sims

    Using SIP across a NAT router can be quite complex. The sessions SIP establishes can easily be disrupted or blocked by NAT and can often result in phenomena such as one way voice, no way voice and unsuccessful session initiation.

    There are various solutions and traversal mechanisms available that will solve these issues. A good place to start is RFC6314 by the IETF that provides concrete recommendations for SIP NAT traversal.

    I hope this has been helpful!


