What is the difference between “Main” mode and “Quick” mode when using IPsec in Windows Server?

Solution 1:

Main mode and quick mode are generic IPsec terms referring to the stages of the IPsec negotiation process for securely exchanging encryption keys between hosts.

An IPsec connection is set up using the more resource intensive main mode negotiation, aka IKE phase one. The purpose of main mode is to securely create channels called Internet Key Exchange Security Associations between hosts. These IKE SA channels are used as a base from which to securely initiate and refresh the IPsec Security Associations (IPsec SAs) which are used to encrypt and decrypt the application data.

So, when the hosts have established mutual IKE SAs using main mode, these are used to protect subsequent key exchanges, which makes this procedure less resource intensive. The subsequent exchanges are called quick mode or IKE phase two. The purpose of quick mode is to establish IPsec SAs, which are the channels used to encrypt and decrypt the application data.

At predefined intervals (such as by time or by volume of data) these IPsec SAs are refreshed, i.e. new IPsec SA keys are generated and exchanged, also using IKE phase two or quick mode.

So main mode and quick mode are both used in the process of establishing and refreshing an IPsec network.
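To make the two stages concrete on Windows Server, here is an added example (not part of the answer above, and not Microsoft's own documentation sample) that configures a main mode crypto set and rule for IKE phase one, a quick mode crypto set and connection security rule for IKE phase two with explicit time- and volume-based rekey limits, and then lists the resulting IKE SAs and IPsec SAs. It uses the NetSecurity cmdlets that ship with Windows Server 2012 and later and must be run from an elevated PowerShell; the display names, the 10.0.0.0/24 peer subnet, the lifetimes and the property names chosen for the listing are illustrative assumptions.

```powershell
# Added example, not part of the original answer. Run elevated on Windows Server
# 2012 or later (NetSecurity module). Names, the 10.0.0.0/24 peer subnet and the
# lifetimes are assumptions chosen for illustration.

# --- Main mode (IKE phase one): protects the IKE SA that later protects rekeys ---
$mmProposal = New-NetIPsecMainModeCryptoProposal -Encryption AES256 -Hash SHA256 -KeyExchange DH19
$mmSet = New-NetIPsecMainModeCryptoSet -DisplayName "MM AES256-SHA256-DH19" `
    -Proposal $mmProposal `
    -MaxMinutes 480 `          # renegotiate the IKE SA after 8 hours (assumed value)
    -MaxSessions 0             # 0 = no limit on quick mode sessions per IKE SA

# Phase one peer authentication: machine Kerberos, suitable for domain-joined hosts
$authProposal = New-NetIPsecAuthProposal -Machine -Kerberos
$p1Auth = New-NetIPsecPhase1AuthSet -DisplayName "P1 Machine Kerberos" -Proposal $authProposal

# Main mode rule binds the crypto set and auth set to a peer address range
New-NetIPsecMainModeRule -DisplayName "MM to 10.0.0.0/24" -RemoteAddress 10.0.0.0/24 `
    -MainModeCryptoSet $mmSet.Name -Phase1AuthSet $p1Auth.Name

# --- Quick mode (IKE phase two): the IPsec SAs that carry application data ---
# Lifetime is set both by time and by volume; whichever limit is hit first
# triggers a quick mode rekey, which is the "refresh" the answer describes.
$qmProposal = New-NetIPsecQuickModeCryptoProposal -Encapsulation ESP -Encryption AES256 -ESPHash SHA256 `
    -MaxMinutes 60 -MaxKiloBytes 100000
$qmSet = New-NetIPsecQuickModeCryptoSet -DisplayName "QM ESP AES256-SHA256" `
    -Proposal $qmProposal `
    -PerfectForwardSecrecyGroup DH19   # fresh DH exchange per IPsec SA, not keys derived from the IKE SA alone

# Connection security rule that requires IPsec to the peer range and uses the QM set
New-NetIPsecRule -DisplayName "Require IPsec to 10.0.0.0/24" -RemoteAddress 10.0.0.0/24 `
    -InboundSecurity Require -OutboundSecurity Require `
    -Phase1AuthSet $p1Auth.Name -QuickModeCryptoSet $qmSet.Name

# --- Verify once traffic has flowed: one IKE SA per peer, IPsec SAs beneath it ---
Get-NetIPsecMainModeSA  | Format-List LocalEndpoint, RemoteEndpoint, CipherAlgorithm, HashAlgorithm, GroupId, LifetimeSeconds
Get-NetIPsecQuickModeSA | Format-List LocalEndpoint, RemoteEndpoint, EspCipherAlgorithm, EspIntegrityAlgorithm, LifetimeSeconds, LifetimeKilobytes
```

Watching the two listings over time shows the relationship the answer describes: the main mode SA entry for a peer stays put for its whole lifetime while the quick mode SA entries for that same peer are replaced each time the minute or kilobyte limit is reached. Without the PerfectForwardSecrecyGroup setting the quick mode keys are derived from the IKE SA keying material alone, so compromise of the IKE SA would expose every IPsec SA negotiated under it.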