Enable Main Mode and disable Aggressive Mode for EZ VPN
I was hoping someone would be able to help me out on this.
I have an 1841 Router and a Cisco ASA 5505 and currently they are using an EZ VPN to connect the sites.
I need to disable aggressive mode and force them to use Main mode instead due to PCI compliance.
However, upon disabling AM on both the router and firewall, the tunnel doesn't come back up and gets stuck in the ISAKMP negotiation. I'm wondering if there is more to it then running crypto isakmp am-disable on the firewall and crypto isakmp aggressive-mode disable on the router.
After I do that, the tunnel does not form and I see an MM_NOSTATE pop up in place of the AM_ACTIVE status on the firewall.
In order to get aggressive mode off and force main mode to be used, what else is necessary? Thank you for any assistance on this.
I've attached the configs of both sides if that would help
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...