IPsec Main and Quick Mode packet flow (Decrypted)
Main Mode 1st Message: Generation of the initiator cookie — An 8-byte pseudo-random number used for anticlogging CKY-I = md5{(src_ip, dest_ip), random number, time, and date} Generation of the responder cookie — An 8-byte pseudo-random number used for anticlogging CKY-R = md5{(src_ip, dest_ip), random number, time, and date} Main Mode 2nd Message: Before 3rd and 4th message: Public key: Xa ,Xb Nonce = Ni, Nr How public key is created? DH public value = Xa Xa = g^a mod p g is the generator p is a large prime number a is a private secret known only to the initiator Main Mode 3rd message: Key exchange Public key NAT-D Main Mode 4th Message: Key exchange Public key NAT-D NAT-D Before 5th and 6th message: Initiator secret = (Xb)a mod p = (Xa)b mod p = responder secret This value is the shared secret between the two parties and is also equal to g^ab PRF => Pseudo random function based on negotiated hash SKEYID's = PRF [ Pre-shared key , Ni ,Nr ] SKEYID...