Main mode vs. Aggressive mode

Unanswered Question
Jun 5th, 2007
User Badges:

How to change from aggressive mode to main mode. I can not find any thing in Cisco documentation about how to use secret share and main mode together.



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jon Marshall Tue, 06/05/2007 - 02:50
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Hi


Are you talking about site-to-site VPN ?. Main mode is the default so you unless you have configured aggressive mode it will use main mode.


HTH


Jon

tajm Wed, 06/06/2007 - 00:13
User Badges:


Thanks for the replay

I am under the expression that Aggressive Mode is used for pre-shared keys and Main Mode is used for RSA-SIG based key exchange. Is this right ??

I have not specified any mode configuring the site to site tunnel so it?s mean I am using main mode ?

Please elaborate on this .


Jon Marshall Wed, 06/06/2007 - 00:18
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Hi


No, by default main mode will be used for pre-shared keys and rsa-sigs as far as i know.


If you have not specified any mode when configuring it you should be using main mode. If you do a debug are you seeing MM_ entries when setting up Phase 1 as MM = Main Mode.


HTH


Jon

tajm Thu, 06/07/2007 - 00:08
User Badges:

Thanks

Does any body know how to specify the aggressive mode ? I mean what is the command ??


jaffer_sathik2010 Thu, 06/07/2007 - 02:32
User Badges:

Hi,


Enabling Main mode:

-------------------

Router(config)#crypto isakmp aggressive-mode disable


/*It is implicitly there in router by default


Enabling Aggressive-mode:

--------------------------

Router(config)#no crypto isakmp aggressive-mode disable.


Plz rate if it helps.


--Jaffer

Actions

This Discussion