Is there a way to disable the default ISAKMP policy?

Dec 12th, 2008

We have a couple of VPN routers that are failing a Qualys scan because of the existence of the default ISAKMP policy. "show crypto isakmp policy" shows this as the "default protection suite". I'm looking for a way to disable this policy or, better yet, remove it.

irisrios Thu, 12/18/2008 - 07:30

There is no way to disable the default ISAKMP policy at this time. If policies are configured explicitly, these defaults will not be active.

ahlgrenjm Thu, 12/18/2008 - 07:34

Thanks for the reply! We do have a policy explicitly configured, so the default should be inactive then. Do you know if Cisco has this published somewhere (that the default will be disabled if another policy is explicitly configured)? That would help me tremendously with the auditors.

ajagadee Thu, 12/18/2008 - 09:14


As of today, there is no way to disable the default ISAKMP policy. But I am hoping to see this change in future releases.



*Pls rate all helpful posts*

