Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Aggressive Mode IKE

We used to use IPSEC VPN, but now use Anyconnect SSL VPN. We have a third party scan our firewall externally, and they are recommending that we disable Aggressive Mode IKE. Is this only used for IPSec VPN's? Is it safe to remove this from our configuration on our ASA 5505?

crypto isakmp identity address

crypto isakmp enable outside

crypto isakmp policy 10

authentication pre-share

encryption 3des

hash sha

group 2

lifetime 86400

Thank You.

Everyone's tags (4)
1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Aggressive Mode IKE

Hi Bill,

The aggresive mode (3 pkt exchange) is only used for the IPsec remote access. The site to site VPN uses main mode (6 pkt exchange). If you do not have any site to site VPN you can disable these commands however if you do have site to site VPN then removing these will break them.

There is nothing called aggressive mode in Anyconnect. Anyconnect uses a totally different protocol called SSL (TCP/UDP port 443).

Hope this answers your question.

Thanks,

Vishnu Sharma

2 REPLIES
Cisco Employee

Aggressive Mode IKE

Hi Bill,

The aggresive mode (3 pkt exchange) is only used for the IPsec remote access. The site to site VPN uses main mode (6 pkt exchange). If you do not have any site to site VPN you can disable these commands however if you do have site to site VPN then removing these will break them.

There is nothing called aggressive mode in Anyconnect. Anyconnect uses a totally different protocol called SSL (TCP/UDP port 443).

Hope this answers your question.

Thanks,

Vishnu Sharma

New Member

Aggressive Mode IKE

Thank you. I was assuming that removing this would break the IPSec Client VPN, but I wanted to make sure it would not harm the Anyconnect VPN.

Thanks again.

3195
Views
5
Helpful
2
Replies