When the Main mode negotiation is complete, each IPsec peer has selected a specific set of cryptographic algorithms for securing Main mode and Quick mode messages, exchanged key information to derive a shared secret key, and performed authentication. Before secure data is sent, a Quick mode negotiation must occur to determine the type of traffic to be secured and how it will be secured. A Quick mode negotiation is also done when a Quick mode SA expires. Quick mode messages are ISAKMP messages that are encrypted using the ISAKMP SA. The result of a Quick mode negotiation is two IPsec SAs: one for inbound traffic and one for outbound traffic.

Quick mode negotiation for IPsec for Windows Server 2008 and Windows Vista consists ...