VPN Client and IKE main mode negotiation

Unanswered Question
Aug 25th, 2005
User Badges:

Is it possible to configure the Cisco VPN client to use IKE Main Mode negotiation with pre-shared keys? And with digital certificates? If yes, how could I do it?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
jackko Thu, 08/25/2005 - 22:40
User Badges:
  • Gold, 750 points or more

just wondering the reason to insist the use main mode. both main and aggresive modes achieve the same result, except less steps involved with aggresive.

jsol Thu, 08/25/2005 - 23:39
User Badges:

When a VPN is configured to use pre-shared keys and permits the VPN client to negotiate the session in aggressive mode, it sends a hash of this key in clear text, so...

The solution for this should be to deactivate the option which permits the VPN client to use aggressive mode.

This is why I'd like to know if I can force the VPN client to negotiate only in main mode.


This Discussion