Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Impact of disabling IKE aggressive mode on Cisco VPN Client users?

We have a requirement to disable IKE aggressive mode. We are running an ASA v7 and I know how to do this ("isakmp am-disable") but I'm not sure what impact it will have on our existing VPN set-up.

We are using pre-shared keys.

We have remote offices (typically Cisco 800 series routers) which connect over IPSEC VPN with our head office and I'm pretty sure they are fine with main mode negotiation only (indeed, I have already disabled aggressive mode on these routers using "crypto isakmp aggressive-mode disable" with no adverse effects (as far as I know!)

However, we also have remote users that connect using the Cisco VPN client software and this is what I'm not so sure about. If I disable aggressive mode on the ASA, is there likely to be any impact on Cisco VPN Client software users? (We probably have a few versions of the VPN Client software out there but should all be at least v4)

Is there any way to determine (through the VPN Client logs) whether its using main mode or aggressive mode?

Thanks.

  • Firewalling
3 REPLIES
Silver

Re: Impact of disabling IKE aggressive mode on Cisco VPN Client

VPN clients ONLY use aggressive mode. That's

just the way it is. If you want to use Main

Mode in remote access clients, use other

vendors besides Cisco

New Member

Impact of disabling IKE aggressive mode on Cisco VPN Client user

does cisco any connect ssl vpn still use aggressive mode?

New Member

I have Cisco ASA running IKE

I have Cisco ASA running IKE aggressive mode. My questions are below.

Would it be service affecting if aggressive mode disables?

How can i change IKE to Main mode ?

Does it mean that remote end ASA also requires to have aggressive mode disable?

Is it service affecting task?

Thank you

7460
Views
0
Helpful
3
Replies
This widget could not be displayed.