IKE phase 1…

negotiation of phase 1

H: Hash
A: Authentication method
G: DH group
L: Lifetime of the IKE Phase 1 tunnel
E: Encryption algorithm to use for the IKE Phase 1 tunnel

then run DH key exchange

and authenticate
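The negotiation step above, as an added example that is not part of the original notes: the responder walks the initiator's proposals in order and accepts the first one whose H, A, G and E match a local policy. The policy values are constructed, and taking the shorter lifetime is an assumption (lifetime handling varies by implementation); the DH exchange and authentication steps are not modelled.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Phase1Policy:
    """One IKE Phase 1 policy: the HAGLE parameters from the list above."""
    hash_alg: str    # H
    auth: str        # A
    dh_group: int    # G
    lifetime: int    # L, in seconds
    encryption: str  # E

    def match_key(self):
        # Parameters that must be identical on both peers.
        return (self.hash_alg, self.auth, self.dh_group, self.encryption)


def negotiate(proposals: List[Phase1Policy],
              local: List[Phase1Policy]) -> Optional[Phase1Policy]:
    """Return the agreed policy, or None when no proposal is acceptable."""
    for prop in proposals:            # initiator's preference order
        for pol in local:             # responder's configured policies
            if prop.match_key() == pol.match_key():
                # Assumption: the shorter of the two lifetimes is used.
                agreed_life = min(prop.lifetime, pol.lifetime)
                return Phase1Policy(prop.hash_alg, prop.auth, prop.dh_group,
                                    agreed_life, prop.encryption)
    return None


# Constructed sample policies (not taken from any real device).
INITIATOR = [
    Phase1Policy("sha256", "rsa-sig", 14, 86400, "aes-256"),
    Phase1Policy("sha256", "pre-share", 14, 86400, "aes-256"),
    Phase1Policy("sha1", "pre-share", 2, 86400, "3des"),
]
RESPONDER = [
    Phase1Policy("sha256", "pre-share", 14, 28800, "aes-256"),
    Phase1Policy("sha1", "pre-share", 2, 86400, "3des"),  # legacy fallback
]
LEGACY_ONLY = [Phase1Policy("sha1", "pre-share", 2, 86400, "3des")]

if __name__ == "__main__":
    print("normal peer :", negotiate(INITIATOR, RESPONDER))
    # A weak policy left on the responder is agreed whenever a peer
    # offers nothing better, so audit the whole policy list.
    print("legacy peer :", negotiate(LEGACY_ONLY, RESPONDER))
    print("no overlap  :", negotiate(INITIATOR[:1], RESPONDER))
```

The second call shows why leftover legacy policies matter: the tunnel is only as strong as the weakest policy the responder is still willing to accept.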

from wiki http://en.wikipedia.org/wiki/Internet_Key_Exchange

IKE Phases

IKE consists of two phases: phase 1 and phase 2.[10]

IKE phase 1’s purpose is to establish a secure authenticated communication channel by using the Diffie–Hellman key exchange algorithm to generate a shared secret key to encrypt further IKE communications. This negotiation results in one single bi-directional ISAKMP Security Association (SA).[11] The authentication can be performed using either pre-shared key (shared secret), signatures, or public key encryption.[12] Phase 1 operates in either Main Mode or Aggressive Mode. Main Mode protects the identity of the peers; Aggressive Mode does not.[10]

During IKE phase 2, the IKE peers use the secure channel established in Phase 1 to negotiate Security Associations on behalf of other services like IPsec. The negotiation results in a minimum of two unidirectional security associations (one inbound and one outbound).[13] Phase 2 operates only in Quick Mode.[10]

A transform set refers to the methods of encryption and hashing that you want to use for the IKE Phase 2 tunnels.