0

I have some Wireshark traces to see how ISAKMP works. These traces were taken from peers when an IPsec tunnel is established. It seems that the traces display a different IPsec implementation. When IKE phase 1 takes place, sometimes I see packets marked as IKE_SA_INIT and IKE_AUTH for the exchange type field of the ISAKMP protocol, and sometimes I see packets with the values Identity Protection and Quick Mode for the exchange type field. What is the difference between these implementations of IKE phase 1?

MABC

1 Answer

0

These packets are from different IKE versions. The packets marked as IKE_SA_INIT and IKE_AUTH are IKEv2 messages, according to RFC 7296. The others are IKEv1 messages (RFC 2409 and others). Also, Quick Mode is known as Phase 2, and in IKEv2 there are not really two distinct phases.

ecdsa
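The version distinction in the answer above can be read directly from the fixed 28-byte header that IKEv1 and IKEv2 share. The following is an added example, not part of the original question or answer: it classifies a UDP payload by its version byte and exchange type. The names `classify_ike` and `build_header` are hypothetical, and the sample headers are constructed rather than taken from a capture.

```python
import struct

# Exchange-type values from RFC 2408/2409 (IKEv1) and RFC 7296 (IKEv2).
IKEV1_EXCHANGES = {1: "Base", 2: "Identity Protection (Main Mode)",
                   3: "Authentication Only", 4: "Aggressive",
                   5: "Informational", 32: "Quick Mode", 33: "New Group Mode"}
IKEV2_EXCHANGES = {34: "IKE_SA_INIT", 35: "IKE_AUTH",
                   36: "CREATE_CHILD_SA", 37: "INFORMATIONAL"}

# SPIs/cookies (8+8), next payload, version, exchange type, flags,
# message ID, total length: the same layout in both protocol versions.
HEADER = struct.Struct("!8s8sBBBBII")


def classify_ike(payload: bytes, udp_port: int = 500) -> dict:
    """Classify a UDP payload from port 500 or 4500 as IKEv1 or IKEv2."""
    if udp_port == 4500:
        # NAT-T (RFC 3948): IKE on 4500 is prefixed by a 4-byte zero marker.
        if payload[:4] != b"\x00\x00\x00\x00":
            raise ValueError("no non-ESP marker: ESP-in-UDP or keepalive, not IKE")
        payload = payload[4:]
    if len(payload) < HEADER.size:
        raise ValueError("shorter than the 28-byte ISAKMP/IKE header")
    (_init_spi, _resp_spi, _next_payload, version,
     exchange, _flags, msg_id, length) = HEADER.unpack_from(payload)
    major, minor = version >> 4, version & 0x0F  # 0x10 = IKEv1, 0x20 = IKEv2
    table = {1: IKEV1_EXCHANGES, 2: IKEV2_EXCHANGES}.get(major)
    if table is None:
        raise ValueError(f"unsupported major version {major}")
    return {"protocol": f"IKEv{major}", "version": f"{major}.{minor}",
            "exchange": table.get(exchange, f"unknown ({exchange})"),
            "message_id": msg_id, "length": length}


def build_header(version: int, exchange: int, msg_id: int = 0) -> bytes:
    """Build a constructed sample header (header only, no payloads)."""
    return HEADER.pack(b"\x11" * 8, b"\x00" * 8, 0, version, exchange,
                       0, msg_id, HEADER.size)


if __name__ == "__main__":
    for ver, exch in [(0x10, 2), (0x10, 32), (0x20, 34), (0x20, 35)]:
        print(classify_ike(build_header(ver, exch)))
```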