Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

aggresive mode and VPN flavors

Hi all

Someone put this question to me and i have decided to put it to you all cos i wasnt sure of my response.

For site to site and remote access VPNs , do both VPN flavors default to main mode for ike phase 1 negotiation.

or does site to site use main mode and remote access use aggresive mode by default.

i choose the second answer in bold font

  • VPN
5 REPLIES
Cisco Employee

Re: aggresive mode and VPN flavors

Site-to-Site VPN default to Main Mode for Phase 1, and Remote Access VPN default to Agressive Mode for Phase 1.

Hope that confirms it.

New Member

Re: aggresive mode and VPN flavors

thanks a lot Jen for confirming .

New Member

Re: aggresive mode and VPN flavors

Hi Jen,

I just came across something contrary , according to yusufs certflash cards  Main mode is used for remote access vpns that use digital certificate authentication

New Member

Re: aggresive mode and VPN flavors

But aggresive mode is used for remote access VPNs that use pre shared keys

Cisco Employee

Re: aggresive mode and VPN flavors

Yes, that is correct.

Basically main mode performs 6 packet exchanges while aggressive mode only performs 3 packet exchanges.

322
Views
0
Helpful
5
Replies
This widget could not be displayed.