- In Main mode, the Phase 1 parameters are exchanged in multiple rounds with encrypted authentication information - In Aggressive mode, the Phase 1 parameters are exchanged in a single message with unencrypted authentication information Although Main mode is more secure, you must select Aggressive mode if there is more than one dialup Phase 1 configuration for the interface IP address, and the remote VPN peer or client is authenticated using an identifier local ID. Aggressive mode might not be as secure as Main mode, but the advantage to Aggressive mode is that it is faster than Main mode (since fewer packets are exchanged). Aggressive mode is typically used for remote access VPNs. But you would also use aggressive mode if one or both peers have dynamic external IP addresses. Descriptions of the peer options in this guide indicate whether Main or Aggressive mode is required.
Appreciate the detailed and expressive explanation
Thanks and Keep Watching :)
For Hub & Spoke, despite the config mode must be aggressive, why it was selected main mode both at Hub and spoke? (19:30)
- In Main mode, the Phase 1 parameters are exchanged in multiple rounds with encrypted authentication information
- In Aggressive mode, the Phase 1 parameters are exchanged in a single message with unencrypted authentication information
Although Main mode is more secure, you must select Aggressive mode if there is more than one dialup Phase 1 configuration for the interface IP address, and the remote VPN peer or client is authenticated using an identifier local ID. Aggressive mode might not be as secure as Main mode, but the advantage to Aggressive mode is that it is faster than Main mode (since fewer packets are exchanged). Aggressive mode is typically used for remote access VPNs. But you would also use aggressive mode if one or both peers have dynamic external IP addresses. Descriptions of the peer options in this guide indicate whether Main or Aggressive mode is required.
I'm join