cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
525
Views
10
Helpful
5
Replies

IKE Aggressive Mode (Afraid of the implications)

Hi Everyone,
I am working on a project and the security team has requested to disable crypto isakmp aggressive-mode. I understand the difference between the modes but since the disabling of this mode is done through global configuration mode I am afraid of what would happen to all my crypto maps as soon as that command is applied. Do I need to apply the command below on every end of every ipsec tunnel?:

(config)# crypto isakmp aggressive-mode disable

Do I need to apply the command below on every end of every ipsec tunnel?

Thanks in Advance!

Daniel

5 Replies 5

Pawan Raut
Level 4
Level 4

crypto isakmp aggressive-mode disable is single global command which will disable AM mode for all ipsec vpn.

Kindly rate for useful post

Thanks Pawan!,

So what would be the impact on those ipsec vpn's? will they go down until I disable aggressive mode on the far ends?

Remote end should forceup for Main mode to get vpn up.

Ok

Thanks!

I have the same requirement, so will this bring down the ipsec vpn and auto re-establish, or do I have to do something on the both sides of the vpn to make it work again.

Please note that on one side aggressive mode has already been disabled.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: