06-15-2021 10:25 AM
Dear All,
Please is there a specific command to confirm the Mode of my cisco site to site vpn connection?.
I need to change from Aggressive to Main mode.
And i used the crypto isakmp aggressive-mode disable, but then i need to be sure the mode has changed to Main and i need to confirm the mode of other vpn connection on my cisco 2911 router.
Thanks
Solved! Go to Solution.
06-16-2021 07:17 AM
hi,
you can use the 'show run all | inc crypto isakmp'.
check for the line 'aggressive-mode disable' then you're already using main mode.
#sh run all | i crypto isakmp
crypto isakmp policy 1
crypto isakmp policy 10
crypto isakmp invalid-spi-recovery
crypto isakmp aggressive-mode disable
06-15-2021 12:10 PM
Hi @systems100
I'm not aware of a specific command that will show you that but you could try a debug (debug crypto isakmp), first enable the debug then trigger the tunnel and you should be able to see the mode that's being used in the messages.
HTH
06-16-2021 12:41 PM
Dear Marioiram,
thanks for your response too.
06-16-2021 07:17 AM
hi,
you can use the 'show run all | inc crypto isakmp'.
check for the line 'aggressive-mode disable' then you're already using main mode.
#sh run all | i crypto isakmp
crypto isakmp policy 1
crypto isakmp policy 10
crypto isakmp invalid-spi-recovery
crypto isakmp aggressive-mode disable
06-16-2021 12:40 PM
Hi Johnlloyd_13,
thanks for your response.
I was able to get the vpn mode via the command you suggested.
I really appreciate it.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide