Main Mode Negotiation
In Main mode negotiation, IPsec peers exchange a total of six messages, three in each direction. The first four messages are the same regardless of the types of authentication configured for Phase 1:
- Pre-shared keys
- Rivest, Shamir, Adleman (RSA) signatures
- RSA encrypted nonces
Because pre-shared keys and RSA signatures are predominantly used in the field for IPsec, these two authentication methods are explained in detail in this section.
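The following added example (not code from the original text) parses the ISAKMP header of each message in a constructed six-message Main mode exchange and reports what an observer on the path can read, for the pre-shared key and RSA signature cases. The constants come from RFC 2408/2409, and the helper names, cookies and payload bodies are assumptions made up for the illustration.

```python
import struct

# Constants from RFC 2408/2409 (assumed; the text above does not list them).
MAIN_MODE, ENCRYPTED = 2, 0x01      # exchange type, header flag bit
NAMES = {1: "SA", 4: "KE", 5: "ID", 8: "HASH", 9: "SIG", 10: "NONCE"}
# Header: cookies, next payload, version, exchange, flags, message ID, length
HDR = struct.Struct("!8s8sBBBBII")

def build(r_cookie, flags, first, body):
    """Constructed sample packet: ISAKMP header followed by body bytes."""
    return HDR.pack(b"I" * 8, r_cookie, first, 0x10, MAIN_MODE, flags, 0,
                    HDR.size + len(body)) + body

def chain(*items):
    """Encode (type, data) pairs as linked ISAKMP generic payloads."""
    out = b""
    for i, (_, data) in enumerate(items):
        nxt = items[i + 1][0] if i + 1 < len(items) else 0
        out += struct.pack("!BBH", nxt, 0, 4 + len(data)) + data
    return out

def describe(packet):
    """Return (encrypted, payload names) using only what is readable on the wire."""
    if len(packet) < HDR.size:
        raise ValueError("truncated ISAKMP header")
    _, _, nxt, _, exchange, flags, _, length = HDR.unpack_from(packet)
    if exchange != MAIN_MODE or length != len(packet):
        raise ValueError("not a well-formed Main mode packet")
    if flags & ENCRYPTED:
        return True, []             # everything after the header is ciphertext
    names, offset = [], HDR.size
    while nxt:
        if offset + 4 > length:
            raise ValueError("payload chain runs past the packet")
        following, _, size = struct.unpack_from("!BBH", packet, offset)
        if size < 4 or offset + size > length:
            raise ValueError("bad payload length")
        names.append(NAMES.get(nxt, str(nxt)))
        nxt, offset = following, offset + size
    return False, names

R0, R = b"\0" * 8, b"R" * 8         # responder cookie is zero in message 1
SA, KE_NONCE = chain((1, b"\0" * 8)), chain((4, b"k" * 16), (10, b"n" * 16))
EXCHANGE = [  # constructed exchange: odd messages from initiator, even from responder
    build(R0, 0, 1, SA), build(R, 0, 1, SA),
    build(R, 0, 4, KE_NONCE), build(R, 0, 4, KE_NONCE),
    build(R, ENCRYPTED, 5, b"\xaa" * 32), build(R, ENCRYPTED, 5, b"\xbb" * 32),
]

def summarize(packets):
    return [describe(p) for p in packets]
```

Messages 1 through 4 show their SA, KE and NONCE payloads in the clear, while messages 5 and 6 carry the encryption flag, so the identity and authentication payloads are not readable on the wire.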
Work through the following numbers and correlate them with packet numbers in Figure 6-3.