Main mode vs. Aggressive mode

tajm · ‎06-05-2007

How to change from aggressive mode to main mode. I can not find any thing in Cisco documentation about how to use secret share and main mode together.

Jon Marshall · ‎06-05-2007

Hi

Are you talking about site-to-site VPN ?. Main mode is the default so you unless you have configured aggressive mode it will use main mode.

HTH

Jon

tajm · ‎06-06-2007

Thanks for the replay

I am under the expression that Aggressive Mode is used for pre-shared keys and Main Mode is used for RSA-SIG based key exchange. Is this right ??

I have not specified any mode configuring the site to site tunnel so it?s mean I am using main mode ?

Please elaborate on this .

Jon Marshall · ‎06-06-2007

Hi

No, by default main mode will be used for pre-shared keys and rsa-sigs as far as i know.

If you have not specified any mode when configuring it you should be using main mode. If you do a debug are you seeing MM_ entries when setting up Phase 1 as MM = Main Mode.

HTH

Jon

tajm · ‎06-07-2007

Thanks

Does any body know how to specify the aggressive mode ? I mean what is the command ??

jaffer_sathik2010 · ‎06-07-2007

Hi,

Enabling Main mode:

-------------------

Router(config)#crypto isakmp aggressive-mode disable

/*It is implicitly there in router by default

Enabling Aggressive-mode:

--------------------------

Router(config)#no crypto isakmp aggressive-mode disable.

Plz rate if it helps.

--Jaffer