PCI scan came back that aggressive mode needs to be disabled on ASA. I am looking through forums and researching, I am seeing conflicting information on this. The command to disable aggressive mode is crypto ikev1 am-disable. But this is where it is conflicting, I can see that when the tunnel goes to re-negotiate it will establish using main mode but from reading other articles it states there that the tunnel will form only with certificates and not pres-shared keys. Can I give a solid answer to this please.