Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

Disable aggressive mode

We wanted to know if there is a way to disable “Aggressive mode” on the VPN concentrator.

For example, on the ASA, we can do it using the command “isakmp am-disable”

On a router we can do it using the command “crypto isakmp aggressive-mode disable”.

Is there a similar command on the VPN concentrator ?

Your help is appriciated.

4 REPLIES

Re: Disable aggressive mode

On the VPN Concentrator Web consolgo to this paage,

Configuration > Policy Management > Traffic Management > Security Associations

select the IPSec SA created for the particular VPN session, then Modify

Go under IKE Parameters and then change the Negotiation Mode.

Hope this Helps.

Community Member

Re: Disable aggressive mode

Thx, Does this prevent a vpn client from using aggressive mode. From the tests it seems that it still can access using aggressive mode (is it normal)? (using preshared).

Re: Disable aggressive mode

The setting I had mentioned is only for a particular L2L IPSEC tunnel.

Cisco Employee

Re: Disable aggressive mode

Fadi,

Are you using Pre-Shared Keys or Certificates for Authentication. Please refer the below link for information on VPN Client AM and MM.

http://www.cisco.com/en/US/products/sw/secursw/ps2308/products_data_sheet090

0aecd801a9de9.html

Aggressive Mode is the default and the only mode available for Pre-shared key and Main Mode is only available for the Cert authentication.

So, it is my understanding that it is not possible for VPN clients to use main mode to authenticate to the VPN3000 with pre-shared keys.

Regards,

Arul

*Pls rate if it helps*

479
Views
0
Helpful
4
Replies
CreatePlease to create content