The peers authenticate, either by certificates or via a pre-shared secret. (More authentication methods are available when one of the peers is a remote access client.)
A Diffie-Hellman key is created. The nature of the Diffie-Hellman protocol means that both sides can independently create the shared secret, a key which is known only to the peers.
Key material (random bits and other mathematical data) as well as an agreement on methods for IKE phase II are exchanged between the peers.
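The three steps above, as an added Python example that is not from the original page: both peers compute the same Diffie-Hellman secret from their own private exponent, the pre-shared secret binds the exchanged public values, and Phase II key material is derived from the shared secret plus each side's nonce. The toy modulus, the PSK value and the HMAC layouts are constructed simplifications for illustration, not IKE's real groups or message formats.

```python
import hashlib
import hmac
import secrets

# Constructed toy group for illustration only. Real IKE negotiates a
# standardized MODP or ECP group; this Mersenne prime is far too weak
# for real keys and is used just to keep the example self-contained.
P = 2**521 - 1
G = 3
PSK = b"example-pre-shared-secret"  # constructed; shared out of band

def dh_keypair():
    """Each peer picks a private exponent x and publishes G^x mod P."""
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)

def dh_shared(private, peer_public):
    """Both peers compute the same G^xy mod P from their own private value."""
    return pow(peer_public, private, P)

def auth_tag(psk, pub_i, pub_r, nonce):
    """Simplified PSK authentication: HMAC over the DH public values and a
    nonce. Real IKE runs its prf over the whole message set; this only shows
    that the PSK must bind the public values, not the exact construction."""
    msg = pub_i.to_bytes(66, "big") + pub_r.to_bytes(66, "big") + nonce
    return hmac.new(psk, msg, hashlib.sha256).digest()

def derive_key_material(shared_secret, nonce_i, nonce_r):
    """Phase II key material: shared secret mixed with both peers' nonces
    (simplified stand-in for IKE's SKEYID derivation chain)."""
    return hmac.new(nonce_i + nonce_r, shared_secret.to_bytes(66, "big"),
                    hashlib.sha256).digest()

def phase1_exchange(psk_initiator, psk_responder):
    """Run the exchange between two peers.
    Returns (initiator_authenticated, key_initiator, key_responder)."""
    xi, pub_i = dh_keypair()                 # initiator's DH values
    xr, pub_r = dh_keypair()                 # responder's DH values
    ni, nr = secrets.token_bytes(16), secrets.token_bytes(16)
    # Responder recomputes the initiator's tag with its own copy of the PSK.
    tag_i = auth_tag(psk_initiator, pub_i, pub_r, ni)
    authenticated = hmac.compare_digest(
        tag_i, auth_tag(psk_responder, pub_i, pub_r, ni))
    key_i = derive_key_material(dh_shared(xi, pub_r), ni, nr)
    key_r = derive_key_material(dh_shared(xr, pub_i), ni, nr)
    return authenticated, key_i, key_r
```

Note that with mismatched secrets the two derived keys still agree: Diffie-Hellman alone never tells a peer who it is talking to, which is why the authentication step is separate and mandatory.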