Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1003
Views
0
Helpful
1
Replies

Configuring main mode in VPN site to site

abdielmoyano
Level 1
Level 1

‎02-05-2019 09:53 AM - edited ‎02-21-2020 08:46 AM

Hello guys,

 

A client is asking me to implement a vpn site to site using main mode. But I have a Cisco ASA 5525 version 9.1(1) with its default value aggressive mode. I think that If I use the command "crypto ikev1 am-disable" in the global configuration mode I will affect my others vpn connections (in aggressive mode), so, is there a way to make it affecting just one VPN configuration?

 

Regards!

0 Helpful
1 Reply 1

Rob Ingram
VIP
VIP

‎02-05-2019 11:08 AM

Hi,
You can determine whether your existing tunnels are using aggressive mode by checking the output of "show crypto isakmp sa" check to confirm whether the state is QM or MM. If all existing tunnels are using Main Mode, you should just be able to disable aggressive mode globally - this should not impact existing tunnels, however implement the change during a change window.

HTH
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card