Disable aggressive mode

Unanswered Question
Nov 3rd, 2008

We wanted to know if there is a way to disable “Aggressive mode” on the VPN concentrator.


For example, on the ASA, we can do it using the command “isakmp am-disable”


On a router we can do it using the command “crypto isakmp aggressive-mode disable”.


Is there a similar command on the VPN concentrator?

Your help is appreciated.



dhananjoy chowdhury Mon, 11/03/2008 - 04:10

On the VPN Concentrator Web console, go to this page:

Configuration > Policy Management > Traffic Management > Security Associations


select the IPSec SA created for the particular VPN session, then Modify


Go under IKE Parameters and then change the Negotiation Mode.


Hope this Helps.

f.aoun Mon, 11/03/2008 - 05:27

Thx. Does this prevent a VPN client from using aggressive mode? From the tests it seems that it can still access using aggressive mode (is it normal?) (using preshared).

ajagadee Mon, 11/03/2008 - 10:48

Fadi,


Are you using Pre-Shared Keys or Certificates for Authentication? Please refer to the link below for information on VPN Client AM and MM.


http://www.cisco.com/en/US/products/sw/secursw/ps2308/products_data_sheet0900aecd801a9de9.html


Aggressive Mode is the default and the only mode available for Pre-shared key and Main Mode is only available for the Cert authentication.


So, it is my understanding that it is not possible for VPN clients to use main mode to authenticate to the VPN3000 with pre-shared keys.


Regards,

Arul


*Pls rate if it helps*
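
One way to check from a packet capture whether the gateway still answers Aggressive Mode after the Negotiation Mode change discussed above. This is an added example, not part of the original thread or any Cisco tooling; it assumes IKEv1 on UDP/500, and the function names, addresses and sample packets are constructed for illustration.

```python
import struct

# ISAKMP fixed header (RFC 2408, section 3.1): two 8-byte cookies, next payload,
# version, exchange type, flags, message ID, total length = 28 bytes.
ISAKMP_HDR = struct.Struct("!8s8sBBBBII")
MAIN_MODE, AGGRESSIVE_MODE = 2, 4  # IKEv1 phase 1 exchange type values


def exchange_type(udp_payload: bytes) -> int:
    """Return the exchange type of one IKEv1 message taken from UDP/500."""
    if len(udp_payload) < ISAKMP_HDR.size:
        raise ValueError("payload shorter than the ISAKMP header")
    _ic, _rc, _np, version, xchg, _flags, _mid, _length = ISAKMP_HDR.unpack_from(udp_payload)
    if version >> 4 != 1:
        raise ValueError("not an IKEv1 message")
    return xchg


def gateway_answers_aggressive(packets, gateway_ip: str) -> bool:
    """True if the gateway itself sent an Aggressive Mode message.

    A client offering Aggressive Mode proves nothing on its own; the setting
    is ineffective only if the gateway replies in that exchange.
    """
    for src_ip, payload in packets:
        try:
            xchg = exchange_type(payload)
        except ValueError:
            continue  # skip non-IKEv1 or truncated data
        if src_ip == gateway_ip and xchg == AGGRESSIVE_MODE:
            return True
    return False


def sample_header(xchg: int, responder_cookie: bytes) -> bytes:
    """Constructed sample: header only, no payloads (not a real capture)."""
    return ISAKMP_HDR.pack(b"\x11" * 8, responder_cookie, 1, 0x10, xchg, 0, 0, 28)


# Constructed (source IP, UDP payload) pairs; addresses are documentation ranges.
GATEWAY, CLIENT = "192.0.2.1", "198.51.100.7"
SAMPLE_REJECTED = [(CLIENT, sample_header(AGGRESSIVE_MODE, b"\x00" * 8)),
                   (GATEWAY, sample_header(5, b"\x22" * 8))]  # 5 = informational
SAMPLE_ACCEPTED = [(CLIENT, sample_header(AGGRESSIVE_MODE, b"\x00" * 8)),
                   (GATEWAY, sample_header(AGGRESSIVE_MODE, b"\x22" * 8))]
```

Feed it the source address and UDP payload of each packet exported from a capture taken during the client test; only messages sent by the gateway count toward the result.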




