12-12-2008 10:24 AM - edited 03-09-2019 09:53 PM
We have a couple of VPN routers that are failing a Qualys scan because of the existence of the default ISAKMP policy. "show crypto isakmp policy" shows this as the "default protection suite". I'm looking for a way to disable this policy or, better yet, remove it.
12-18-2008 07:30 AM
There is no way to disable the default ISAKMP policy at this time. If policies are configured explicitly, these defaults will not be active.
12-18-2008 07:34 AM
Thanks for the reply! We do have a policy explicitly configured so the default should be inactive then. Do you know if Cisco has this published somewhere (that the default will be disabled if another policy is explicitly configured)? That would help me tremendously with the auditors.
12-18-2008 09:14 AM
Hi,
As of today, there is no way to disable the default ISAKMP policy. But I am hoping to see this change in future releases.
Regards,
Arul
*Pls rate all helpful posts*