Aggressive Mode Negotiations
During aggressive mode phase 1 negotiations, the
E-series router behaves as follows:
- When the router is the initiator, the router searches
all policy rules to find those that allow aggressive mode. The router
then selects the rule with the highest priority and uses the rule
to initiate phase 1 negotiations. If there are no policy rules with
aggressive mode allowed, the router selects the highest-priority rule
that allows main mode.
- When the router is the responder, the negotiation depends
on what the initiator proposes, as well as what is configured in the
policy rules.
Table 14 outlines the possible
combinations of initiator proposals and policy rules. As indicated,
allowing aggressive mode in a policy rule allows negotiation to take
place no matter what the initiator requests.
Table 14: Initiator Proposals and Policy Rules

| Aggressive Mode Setting | Initiator Requests (First Time) | Initiator Requests (Rekeyed) | Responder Policy Rule |
|---|---|---|---|
| Accepted | Main mode | Follows First Time | Aggressive or Main modes (follows initiator) |
| Requested | Aggressive mode | Follows First Time | Aggressive or Main modes (follows initiator) |
| Required | Aggressive mode | Aggressive Mode | Aggressive mode |
| None | Main mode | Main Mode | Main mode |

The router responds to phase 1 negotiations with
the highest-priority policy rule that matches the initiator. A match
means that all parameters, including the exchange type, match.
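
The selection logic described above and in Table 14, modelled as an added Python example (not E-series or Juniper code), with an audit helper that lists the rules under which a responder would accept aggressive mode. It assumes a lower priority number means higher priority, treats a rule as an aggressive-mode candidate for the initiator when Table 14 shows it initiating aggressive mode, and uses constructed rule names and proposal strings.

```python
from dataclasses import dataclass

# Table 14 as data: setting -> (mode initiated first time, modes accepted as responder)
TABLE_14 = {
    "accepted":  ("main",       {"aggressive", "main"}),
    "requested": ("aggressive", {"aggressive", "main"}),
    "required":  ("aggressive", {"aggressive"}),
    "none":      ("main",       {"main"}),
}

@dataclass(frozen=True)
class PolicyRule:
    name: str       # hypothetical rule name
    priority: int   # assumption: lower number = higher priority
    setting: str    # aggressive mode setting, a key of TABLE_14
    proposal: str   # stand-in for all other phase 1 parameters

def by_priority(rules):
    return sorted(rules, key=lambda r: r.priority)

def select_initiator_rule(rules):
    """Highest-priority rule that initiates aggressive mode, else main mode."""
    for wanted in ("aggressive", "main"):
        for rule in by_priority(rules):
            if TABLE_14[rule.setting][0] == wanted:
                return rule, wanted
    return None, None

def select_responder_rule(rules, offered_mode, offered_proposal):
    """Highest-priority rule whose parameters and exchange type all match."""
    for rule in by_priority(rules):
        accepted_modes = TABLE_14[rule.setting][1]
        if rule.proposal == offered_proposal and offered_mode in accepted_modes:
            return rule
    return None  # no rule matches the initiator

def rules_accepting_aggressive(rules):
    """Audit helper: rules under which a responder would accept aggressive mode."""
    return [r.name for r in by_priority(rules)
            if "aggressive" in TABLE_14[r.setting][1]]

# Constructed sample policy set (names and proposal strings are illustrative)
RULES = [
    PolicyRule("branch-a", 10, "none", "3des-sha1-group2"),
    PolicyRule("branch-b", 20, "accepted", "3des-sha1-group2"),
    PolicyRule("remote-c", 30, "required", "aes-sha1-group5"),
]
```

With this sample set, the initiator picks `remote-c` even though two rules outrank it, because it is the only rule that initiates aggressive mode.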