01-17-2013 10:40 PM - edited 03-04-2019 06:45 PM
HI All,
Need the clarity on IKE version 1 with aggressive mode, I assume this is used for remote site VPN and not for site to site VPN.
Correct me I am wrong and also share the inputs on this.
Also required the inputs for disabling in Cisco 3800 series router.
Thanks in advance
Regards
Suresh
01-21-2013 05:50 AM
HI Rudy,
Just for clarification, I am referring to IKEv1 not IKE phase 1.
But your explanation seems to be for IKE phase1, Please confirm.
01-21-2013 06:11 AM
yes, that is correct, it is IKE phase 1 for IKEv1, if it's IKEv2 you will need to configure the encryption, hash, DH group on IKEv2 proposal, it will look like below:
crypto ikev2 proposal name
encryption {3des} {aes-cbc-128} {aes-cbc-192} {aes-cbc-256}
integrity {sha1} {sha256} {sha384} {sha512} {md5}
group {1} {2} {5} {14} {15} {16} {19} {20} {24}
end
01-21-2013 06:48 AM
Hi Rudy,
Is this IKEv1 is used for site to site or remote site VPN ?
01-21-2013 07:36 AM
It can be used for S2S and also for remote site VPN such as DMVPN, EZVPN.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide