cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
341
Views
10
Helpful
5
Replies
Highlighted

IKE Aggressive Mode (Afraid of the implications)

Hi Everyone,
I am working on a project and the security team has requested to disable crypto isakmp aggressive-mode. I understand the difference between the modes but since the disabling of this mode is done through global configuration mode I am afraid of what would happen to all my crypto maps as soon as that command is applied. Do I need to apply the command below on every end of every ipsec tunnel?:

(config)# crypto isakmp aggressive-mode disable

Do I need to apply the command below on every end of every ipsec tunnel?

Thanks in Advance!

Daniel

5 REPLIES 5
Highlighted
Enthusiast

crypto isakmp aggressive-mode disable is single global command which will disable AM mode for all ipsec vpn.

Kindly rate for useful post

Highlighted

Thanks Pawan!,

So what would be the impact on those ipsec vpn's? will they go down until I disable aggressive mode on the far ends?

Highlighted

Remote end should forceup for Main mode to get vpn up.

Highlighted

Ok

Thanks!

Highlighted

I have the same requirement, so will this bring down the ipsec vpn and auto re-establish, or do I have to do something on the both sides of the vpn to make it work again.

Please note that on one side aggressive mode has already been disabled.