I am wondering if the Aggressive Mode PSK hash attack can be applied to Main Mode negotiation while using a wildcard crypto IKE key like:
crypto isakmp key xxxxx address 0.0.0.0 0.0.0.0?
I know that using the ike-scan tool there is a possibility of obtaining the hashed PSK from a remote peer while using aggressive mode for IKE, so I am wondering if the same applies for a wildcard PSK, but using Main Mode.
My question is: while using a wildcard PSK for DMVPN peers over the internet along with main mode, can this key be somehow compromised by a remote party, since anybody is able to send IKE requests to the HUB routers because of the wildcard PSK use?
I know there is a vulnerability, but only in aggressive mode (I disabled AM): obtaining the PSK hash and then cracking it.