To disable crypto isakmp aggressive-mode disable

Config t

crypto ikev1 am-disable

Cleve-Cloud-IPSEC-Services-NGFW-ASA(config)# sh run | inc crypto ikev1   

crypto ikev1 enable outside

crypto ikev1 am-disable

Cleve-VPN-ASA-Cor089b30/pri/act# sh run | inc crypto ikev1

crypto ikev1 enable outside

crypto ikev1 enable inside

crypto ikev1 am-disable

crypto ikev1 ipsec-over-tcp port 10000

-----------------------------------------------------------------------------------------------------

<< To re-enable if needed >>

Cleve-VPN-ASA-Cor089b30/pri/act(config)# no crypto ikev1 am-disable

Cleve-VPN-ASA-Cor089b30/pri/act(config)# sh run | inc crypto ikev1

crypto ikev1 enable outside

crypto ikev1 enable inside

crypto ikev1 ipsec-over-tcp port 10000

crypto ikev1 policy 1

crypto ikev1 policy 2

crypto ikev1 policy 4

Show crypto isakmp sa

Running in main mode:

1   IKE Peer: 65.201.134.9

    Type    : L2L             Role    : initiator

    Rekey   : no              State   : MM_ACTIVE

2   IKE Peer: 66.146.133.66

    Type    : L2L             Role    : initiator

    Rekey   : no              State   : MM_ACTIVE

Running in aggressive mode:

1   IKE Peer: 192.8.217.145

    Type    : user            Role    : responder

    Rekey   : no              State   : AM_ACTIVE

2   IKE Peer: 192.8.217.145

    Type    : user            Role    : responder

    Rekey   : no              State   : AM_ACTIVE

Current Version 9.5.2

Gary Rezabk