IKE Phases (IKEv1 Main/Aggressive vs. IKEv2)

#The Negotiator: Internet Key Exchange#link

We've seen that SAs define the keys, but how are those keys agreed upon without sending them in cleartext? This is the job of IKE (Internet Key Exchange). IKE is essentially 'TLS for IPsec'—it's the handshake that sets up the secure tunnel before the actual data (ESP) starts flowing.

IKEv1 Phase 1: The Management Tunnel

IKEv1 works in two distinct phases. Phase 1 creates a secure, authenticated channel (the ISAKMP SA) that is used only for management traffic. This phase has two modes: **Main Mode** (6 packets, more secure, hides identities) and **Aggressive Mode** (3 packets, faster, but leaks the identity of the peers in cleartext).

In the output above, the `-A` flag tells `ike-scan` to attempt an Aggressive Mode handshake. If the server responds, the attacker now has the hash of the PSK and can begin a brute-force attack.

IKEv1 Phase 2: The Data Tunnel

Once the management tunnel is secure, IKEv1 Phase 2 (Quick Mode) negotiates the actual SAs that will be used to encrypt the user data. Phase 2 happens *inside* the protection of Phase 1. If Phase 1 is compromised, Phase 2 is also at risk.

IKEv2: The Modern Evolution (RFC 7296)

IKEv2 is a complete redesign. It combines the two phases into a single exchange, significantly reducing latency. It also adds native support for Mobility and Multihoming (MOBIKE), allowing a VPN connection to stay alive even if the user's IP address changes (e.g., switching from Wi-Fi to 4G).

• ▪Mandate IKEv2 for all new deployments
• ▪Explicitly disable IKEv1 Aggressive Mode
• ▪Use strong DH groups (Group 14 or Curve25519) for the Kex
• ▪Implement IKEv2 'Dead Peer Detection' (DPD) to clean up stale SAs