IKE Phase1 Tidbit - HAGLE

While studying how the Internet Key Exchange (IKE) phase 1 process works, I stumbled upon something that really hit home for me: a mnemonic that makes it easy to remember what is needed in the configuration that allows peers to negotiate security parameters and build a successful security association for the phase 1 tunnel. It's simple: HAGLE.

In order to properly negotiate and agree on parameters, your IKE policy needs the following:

H = hash

A = authentication

G = DH (Diffie-Hellman) group

L = lifetime

E = encryption
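
To show what "negotiate and agree" means for the five HAGLE parameters, the added example below (not part of the original post) parses two constructed IOS-style `crypto isakmp policy` blocks and reports either the agreed policy or the fields that blocked each pairing. The function names, the sample configs, the initiator-first evaluation order and the rule that only the lifetime may differ (the shorter value is used) are assumptions of this example; it also requires every field to be set explicitly instead of relying on platform defaults.

```python
import re

HAGLE = ("hash", "authentication", "group", "lifetime", "encryption")
EXACT = ("hash", "authentication", "group", "encryption")  # assumption: only lifetime may differ

# Constructed sample configs in IOS-style syntax; peer B's policy 5 omits the "L".
PEER_A = """crypto isakmp policy 10
 hash sha256
 authentication pre-share
 group 14
 lifetime 86400
 encryption aes 256"""
PEER_B = """crypto isakmp policy 5
 hash sha256
 authentication rsa-sig
 group 14
 encryption aes 256
crypto isakmp policy 10
 hash sha256
 authentication pre-share
 group 14
 lifetime 28800
 encryption aes 256"""

def parse_policies(config):
    """Parse 'crypto isakmp policy N' blocks into {priority: {field: value}}."""
    policies, current = {}, None
    for line in map(str.strip, config.splitlines()):
        m = re.fullmatch(r"crypto isakmp policy (\d+)", line)
        if m:
            current = policies.setdefault(int(m.group(1)), {})
        elif current is not None and line:
            key, _, value = line.partition(" ")
            if key in HAGLE:
                current[key] = value.strip()
    return policies

def negotiate(initiator, responder):
    """Return (agreed policy or None, {(init_prio, resp_prio): blocking fields}).

    A field blocks a pairing if either side omits it or an exact-match field differs.
    """
    blocked = {}
    for ip, a in sorted(initiator.items()):      # lowest priority number first
        for rp, b in sorted(responder.items()):
            diff = [f for f in HAGLE if f not in a or f not in b
                    or (f in EXACT and a[f] != b[f])]
            if not diff:
                life = min(int(a["lifetime"]), int(b["lifetime"]))
                return dict(a, lifetime=life), blocked
            blocked[(ip, rp)] = diff
    return None, blocked
```

Calling `negotiate(parse_policies(PEER_A), parse_policies(PEER_B))` returns the agreed policy together with the fields that ruled out the earlier pairing, which points directly at the HAGLE letter to fix when phase 1 fails to come up.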



© 2023 by Train of Thoughts.