Due to PCI DSS requirements, I need to have IKE aggressive mode disabled on all the devices that terminate VPN tunnels. Unfortunately, I have several PIX 501s out there that don't have the capability to disable IKE aggressive mode. Would it work to create access lists that only allow port 500/udp and protocol 50 from my VPN concentrator's IP and deny all other traffic, effectively making IKE aggressive mode a non-issue?
We have configured the outside and inside interfaces with official IPv6 addresses and set a default route on the outside interface to our router. We have also defined a rule, which also gets hits, to permit TCP from the inside interface to any6.
In Syslog I also se...