Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
552
Views
0
Helpful
3
Replies

Is there a way to disable the default ISAKMP policy?

ahlgrenjm
Level 1
Level 1

‎12-12-2008 10:24 AM - edited ‎03-09-2019 09:53 PM

We have a couple VPN routers that are failing a Qualys scan b/c of the existence of the default ISAKMP policy. "show crypto isakmp policy" shows this as the "default protection suite". I'm looking for a way to disable this policy or, better yet, remove it.

1 person had this problem
Labels:
0 Helpful
3 Replies 3

irisrios
Level 6
Level 6

‎12-18-2008 07:30 AM

There is no way to disable the default ISAKMP policy at this time. If policies are configured explicitly, these defaults will not be active.

0 Helpful

ahlgrenjm
Level 1
Level 1
In response to irisrios

‎12-18-2008 07:34 AM

Thanks for the reply! We do have a policy explicitly configured so the default should be inactive then. Do you know if Cisco has this published somewhere (that the default will be disabled if another policy is explicitly configured)? That would help me tremendously with the auditors.

0 Helpful

ajagadee
Cisco Employee
Cisco Employee
In response to ahlgrenjm

‎12-18-2008 09:14 AM

Hi,

As of today, there is no way to disable the default isakmp policy. But, I am hoping to see this change in future releases.

Regards,

Arul

*Pls rate all helpful posts*

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents