06-05-2007 02:30 AM
How to change from aggressive mode to main mode. I can not find any thing in Cisco documentation about how to use secret share and main mode together.
06-05-2007 02:50 AM
Hi
Are you talking about site-to-site VPN ?. Main mode is the default so you unless you have configured aggressive mode it will use main mode.
HTH
Jon
06-06-2007 12:13 AM
Thanks for the replay
I am under the expression that Aggressive Mode is used for pre-shared keys and Main Mode is used for RSA-SIG based key exchange. Is this right ??
I have not specified any mode configuring the site to site tunnel so it?s mean I am using main mode ?
Please elaborate on this .
06-06-2007 12:18 AM
Hi
No, by default main mode will be used for pre-shared keys and rsa-sigs as far as i know.
If you have not specified any mode when configuring it you should be using main mode. If you do a debug are you seeing MM_ entries when setting up Phase 1 as MM = Main Mode.
HTH
Jon
06-07-2007 12:08 AM
Thanks
Does any body know how to specify the aggressive mode ? I mean what is the command ??
06-07-2007 02:32 AM
Hi,
Enabling Main mode:
-------------------
Router(config)#crypto isakmp aggressive-mode disable
/*It is implicitly there in router by default
Enabling Aggressive-mode:
--------------------------
Router(config)#no crypto isakmp aggressive-mode disable.
Plz rate if it helps.
--Jaffer
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide