Phase 1

IKE supports two types of phase 1 exchanges:
  • Main mode
  • Aggressive mode
Both of these exchange modes are based on exchanges that are defined by ISAKMP. Main mode is an implementation of ISAKMP’s Identity Protect exchange. Aggressive mode is an implementation of ISAKMP’s Aggressive exchange.
IKE defines four techniques for authentication of phase 1 exchanges:
  • Pre-shared key
  • Signature-based
  • Public key encryption
  • Revised public key encryption
Restriction: Of these techniques, the z/OS® IKE daemon supports only pre-shared key authentication and signature-based authentication using RSA signatures.
Parent topic: IKE version 1 protocol