Aggressive Mode
For a successful and secure communication using IPsec, the IKE (Internet Key Exchange) protocols take part in a two-step negotiation. Main mode or Aggressive mode (Phase 1) authenticates and/or encrypts the peers. Quick mode (Phase 2) negotiates the algorithms and agree on which traffic will be sent across the VPN. Below, we will take a further look at Aggressive mode (Phase 1).
Aggressive mode can be used within the phase 1 VPN negotiations, as opposed to Main mode. Aggressive mode takes part in fewer packet exchanges. Aggressive mode does not provide identity protection of the two IKE peers, unless digital certificates are used. This means the VPN peers exchange their identities without encryption (clear text).
Why would we use Aggressive mode over Main mode?
It is not as secure as main mode, but the advantage to aggressive mode is that it is faster than Main mode. Aggressive mode is typically used for remote access VPN’s (remote users). Also you would use aggressive mode if one or both peers have dynamic external IP addresses. You don’t have to use Aggressive mode however, if the peer devices are using digital certificates.
Further Reading
Wikipedia's guide to IKE (Internet Key Exchange)
