Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Main mode vs. Aggressive mode

How to change from aggressive mode to main mode. I can not find any thing in Cisco documentation about how to use secret share and main mode together.

  • VPN
5 REPLIES
Hall of Fame Super Blue

Re: Main mode vs. Aggressive mode

Hi

Are you talking about site-to-site VPN ?. Main mode is the default so you unless you have configured aggressive mode it will use main mode.

HTH

Jon

New Member

Re: Main mode vs. Aggressive mode

Thanks for the replay

I am under the expression that Aggressive Mode is used for pre-shared keys and Main Mode is used for RSA-SIG based key exchange. Is this right ??

I have not specified any mode configuring the site to site tunnel so it?s mean I am using main mode ?

Please elaborate on this .

Hall of Fame Super Blue

Re: Main mode vs. Aggressive mode

Hi

No, by default main mode will be used for pre-shared keys and rsa-sigs as far as i know.

If you have not specified any mode when configuring it you should be using main mode. If you do a debug are you seeing MM_ entries when setting up Phase 1 as MM = Main Mode.

HTH

Jon

New Member

Re: Main mode vs. Aggressive mode

Thanks

Does any body know how to specify the aggressive mode ? I mean what is the command ??

New Member

Re: Main mode vs. Aggressive mode

Hi,

Enabling Main mode:

-------------------

Router(config)#crypto isakmp aggressive-mode disable

/*It is implicitly there in router by default

Enabling Aggressive-mode:

--------------------------

Router(config)#no crypto isakmp aggressive-mode disable.

Plz rate if it helps.

--Jaffer

531
Views
0
Helpful
5
Replies