 | Copyright © 2008, Juniper Networks, Inc. All rights reserved. Trademark Notice. | |
IKE policy has two modes: aggressive and main. By default, main mode is enabled. Main mode uses six messages, in three exchanges, to establish the IKE SA. (These three steps are IKE SA negotiation, a Diffie-Hellman exchange, and authentication of the peer.) Main mode also allows a peer to hide its identity.
Aggressive mode also establishes an authenticated IKE SA and keys. However, aggressive mode uses half the number of messages, has less negotiation power, and does not provide identity protection. The peer can use the aggressive or main mode to start IKE negotiation; the remote peer accepts the mode sent by the peer.
To configure IKE policy mode, include the mode statement and specify aggressive or main at the [edit security ike policy ike-peer-address] hierarchy level:
- [edit security ike policy ike-peer-address ]
-
mode (aggressive | main);
| Copyright © 2008, Juniper Networks, Inc. All rights reserved. Trademark Notice. | |