09-18-2018 02:51 AM
I have an ASA with ASDM. The customer had a security scan report showing the following vulnerability:
"Pre-shared Key Off-line Bruteforcing Using IKE Aggressive Mode"
THREAT:
IKE is used during Phase 1 and Phase 2 of establishing an IPSec connection. Phase 1 is where the two ISAKMP peers establish a secure, authenticated channel with which to communicate. Every participant in IKE must possess a key which may be either pre-shared (PSK) or a public key. There are inherent risks to configurations that use pre-shared keys which are exaggerated when Aggressive Mode is used.
The suggested solution is using a stronger pre-shared key.
1. First, is this related to the VPN profile? If so, would changing the pre-shared key to something stronger require me to simply change it on all remote access VPN clients?
2. Would changing the password back to the original pre-shared password allow the clients to work normally with the VPN again?
3. I don't know the original password. I went to more system:running-config to get it. Is this the line with the password?
"default-group-policy XXX
tunnel-group XXX webvpn-attributes
group-alias XXX enable
tunnel-group XXX ipsec-attributes
ikev1 pre-shared-key password123" <<<<<<<<<<
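
An added example, not part of the original post: a Python script that finds the IKEv1 pre-shared-key lines under each tunnel-group in `more system:running-config` output, gives an upper-bound strength estimate for each key, and reports whether aggressive mode is disabled globally. The sample config, its group names and keys, and the 80-bit threshold are assumptions made for this example.

```python
import math
import re

# Constructed sample in the shape of `more system:running-config` output.
# Group names and keys are made up for this example.
SAMPLE_CONFIG = """\
crypto ikev1 enable outside
tunnel-group RA-USERS general-attributes
 default-group-policy RA-POLICY
tunnel-group RA-USERS ipsec-attributes
 ikev1 pre-shared-key password123
tunnel-group SITE-B ipsec-attributes
 ikev1 pre-shared-key q7#Vt2!mZx9@Lp4&Rw8^Hd3k
"""

MIN_BITS = 80  # assumed policy threshold for this example, not a Cisco value
CLASSES = [(r"[a-z]", 26), (r"[A-Z]", 26), (r"[0-9]", 10), (r"[^a-zA-Z0-9]", 32)]


def estimate_bits(key):
    """Upper bound only: length * log2(pool). Dictionary words are far weaker."""
    pool = sum(size for pattern, size in CLASSES if re.search(pattern, key))
    return len(key) * math.log2(pool) if pool else 0.0


def audit(config):
    """Return (aggressive_mode_disabled, [(tunnel_group, bits, ok), ...])."""
    # `crypto ikev1 am-disable` (older releases: `crypto isakmp am-disable`)
    am_disabled = bool(re.search(r"^crypto (?:ikev1|isakmp) am-disable\s*$", config, re.M))
    findings, group = [], None
    for line in config.splitlines():
        tg = re.match(r"tunnel-group (\S+) ipsec-attributes", line)
        psk = re.match(r"\s*(?:ikev1 )?pre-shared-key (\S+)", line)
        if tg:
            group = tg.group(1)
        elif psk and group and set(psk.group(1)) != {"*"}:  # skip masked keys
            bits = estimate_bits(psk.group(1))
            findings.append((group, round(bits, 1), bits >= MIN_BITS))
        elif not line.startswith(" "):
            group = None  # a new top-level command ends the tunnel-group sub-mode
    return am_disabled, findings


if __name__ == "__main__":
    am_off, rows = audit(SAMPLE_CONFIG)
    print("aggressive mode disabled:", am_off)
    for name, bits, ok in rows:
        print(f"{name}: ~{bits} bits upper bound, {'ok' if ok else 'WEAK'}")
```

Keys shown as `*****` (as in plain `show running-config` output) are skipped, since only the unmasked form can be assessed.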