Have you seen the link below from the Cable Guy [love his stuff] ? It gives
a pretty understandable explanation.

http://www.microsoft.com/technet/com...spx?frame=true

Basically main mode is where the initial SA is established, where computers
authenticate to each other, and the master shared secret keys are created.
Diffie-Hellman exchange and computer authentication is only done in main
mode.

Quick mode is in addition to main mode and is where the specific "filters
lists" for the ipsec policy are implemented. The secure channel is
established between the two computers to protect data that is specified
within the filters and ipsec SA's are created for each direction of
traffic - inbound and outbound each with their own SPI. --- Steve



"MGM" wrote in message
news:9AF9D1F7-288D-4E59-A2B5-2B69000B0303@microsoft.com...
>I have been reading as much as I can about them, but I have not seen any
> information explaining the CLEAR difference. I see main mode as the
> initial
> conversation between to computers and quick mode any subsequent
> connections.
> But I would like to find out more detail.
>
> This question also includes how to read the ipsec security monitor which
> is
> broken up into two parts: main mode and quick mode. I would like to know
> the
> differences between what information is displayed in each area.