09-22-2008 08:36 AM
Does ASA5510 use Aggressive Mode when setting up VPN tunnels?
Any link where I can get more information on this?
Also, is there any configuration on the ASA that can be done to mitigate the vulnerability mentioned in the link below?
http://www.cisco.com/warp/public/707/cisco-sr-20060726-ike.shtml
Best regards.
09-22-2008 02:39 PM
The link is only related to ASA running version 7.2. Right now the newest version is 8.04 which is not listed under this vulnerability. The default mode is aggressive mode but you can use main mode by disabling the aggressive mode using the command "isakmp am-disable" under the tunnel group.
Hope this helps,
09-25-2008 01:07 AM
Thank you very much for your response. This is very helpful.
Could you please provide me with a link that states that 8.04 has solved this vulnerability?
My ASA is running OS 8.0(3) but the company that did a Penetration Test on my ASA said my ASA 5510 is affected by this vulnerability.
Cheers.