Solved: Command to Check VPN Mode

systems100 · ‎06-15-2021

Dear All,

Please is there a specific command to confirm the Mode of my cisco site to site vpn connection?.

I need to change from Aggressive to Main mode.

And i used the crypto isakmp aggressive-mode disable, but then i need to be sure the mode has changed to Main and i need to confirm the mode of other vpn connection on my cisco 2911 router.

Thanks

johnlloyd_13 · ‎06-16-2021

hi,

you can use the 'show run all | inc crypto isakmp'.

check for the line 'aggressive-mode disable' then you're already using main mode.

#sh run all | i crypto isakmp
crypto isakmp policy 1
crypto isakmp policy 10
crypto isakmp invalid-spi-recovery
crypto isakmp aggressive-mode disable

View solution in original post

marioiram · ‎06-15-2021

Hi @systems100

I'm not aware of a specific command that will show you that but you could try a debug (debug crypto isakmp), first enable the debug then trigger the tunnel and you should be able to see the mode that's being used in the messages.

HTH

systems100 · ‎06-16-2021

Dear Marioiram,

thanks for your response too.

johnlloyd_13 · ‎06-16-2021

hi,

you can use the 'show run all | inc crypto isakmp'.

check for the line 'aggressive-mode disable' then you're already using main mode.

#sh run all | i crypto isakmp
crypto isakmp policy 1
crypto isakmp policy 10
crypto isakmp invalid-spi-recovery
crypto isakmp aggressive-mode disable

systems100 · ‎06-16-2021

Hi Johnlloyd_13,

thanks for your response.

I was able to get the vpn mode via the command you suggested.

I really appreciate it.