Is there any way to disable or change the ISAKMP default policy?  I have created policy number 20 which is used in a site-to-site VPN but during a PCI quarterly scan the results come back failed to due to successful phase 1 authentication with DES/DH...