Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Is there a way to disable the default ISAKMP policy?

We have a couple VPN routers that are failing a Qualys scan b/c of the existence of the default ISAKMP policy. "show crypto isakmp policy" shows this as the "default protection suite". I'm looking for a way to disable this policy or, better yet, remove it.

3 REPLIES
Silver

Re: Is there a way to disable the default ISAKMP policy?

There is no way to disable the default ISAKMP policy at this time. If policies are configured explicitly, these defaults will not be active.

New Member

Re: Is there a way to disable the default ISAKMP policy?

Thanks for the reply! We do have a policy explicitly configured so the default should be inactive then. Do you know if Cisco has this published somewhere (that the default will be disabled if another policy is explicitly configured)? That would help me tremendously with the auditors.

Cisco Employee

Re: Is there a way to disable the default ISAKMP policy?

Hi,

As of today, there is no way to disable the default isakmp policy. But, I am hoping to see this change in future releases.

Regards,

Arul

*Pls rate all helpful posts*

231
Views
0
Helpful
3
Replies
CreatePlease to create content