We have a requirement to disable IKE aggressive mode. We are running an ASA v7 and I know how to do this ("isakmp am-disable") but I'm not sure what impact it will have on our existing VPN set-up.
We are using pre-shared keys.
We have remote offices (typically Cisco 800 series routers) which connect over IPSEC VPN with our head office and I'm pretty sure they are fine with main mode negotiation only (indeed, I have already disabled aggressive mode on these routers using "crypto isakmp aggressive-mode disable" with no adverse effects (as far as I know!)
However, we also have remote users that connect using the Cisco VPN client software and this is what I'm not so sure about. If I disable aggressive mode on the ASA, is there likely to be any impact on Cisco VPN Client software users? (We probably have a few versions of the VPN Client software out there but should all be at least v4)
Is there any way to determine (through the VPN Client logs) whether its using main mode or aggressive mode?