
IPSEC Main Mode with PSK

Paul Masterton
Level 1

Hi all,

I think a quick question for you...

Am I right in thinking I can run IPSEC in main mode if I know the IP address of all my L2L VPN end points? (They all have static IPs) I can disable aggressive mode in IOS in this scenario?

I would only need aggressive mode if I wanted PSK and remote access type VPNs on the same router because the client addresses will now be dynamic?

Thanks!

P

3 Replies

Hi P,

Yes, if you are connecting IPsec clients with PSK then Aggressive mode needs to be enabled.

Thanks.

Portu.

Andrew Phirsov
Level 7
Am I right in thinking I can run IPSEC in main mode if I know the IP address of all my L2L VPN end points? (They all have static IPs) I can disable aggressive mode in IOS in this scenario?

That's right, as long as the devices' IP addresses are used as the peers' IKE IDs. I mean, if you have static IP addresses but use FQDNs as IKE IDs, the tunnel won't establish. So with PSK and FQDN as peer identities, even in site-to-site VPN you'd have to use aggressive mode too.
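
The reason behind the reply above, as an added example that is not part of the original thread: in IKEv1 (RFC 2409) with PSK, the key that encrypts the main mode ID payload is derived from the PSK itself, so the responder must select the PSK from the peer's source address alone. The HMAC-SHA256 prf, the function names, the keyrings, addresses and exchange values below are all constructed assumptions.

```python
import hashlib
import hmac

# Constructed responder keyrings (documentation addresses, made-up keys).
BY_ADDRESS = {"192.0.2.10": b"site-a-key"}
BY_HOSTNAME = {"branch.example.net": b"branch-key"}

def prf(key: bytes, data: bytes) -> bytes:
    # IKEv1 prf = HMAC of the negotiated hash; SHA-256 is assumed here.
    return hmac.new(key, data, hashlib.sha256).digest()

def skeyid_e(psk, ni, nr, gxy, cky_i, cky_r):
    # RFC 2409 section 5, pre-shared key case: the encryption key for
    # messages 5 and 6 is rooted in the PSK.
    skeyid = prf(psk, ni + nr)
    tail = gxy + cky_i + cky_r
    d = prf(skeyid, tail + b"\x00")
    a = prf(skeyid, d + tail + b"\x01")
    return prf(skeyid, a + tail + b"\x02")

def responder_pick_psk(mode, src_ip, id_in_clear):
    if mode == "aggressive":
        # Message 1 carries the initiator's ID unencrypted.
        return BY_HOSTNAME.get(id_in_clear) or BY_ADDRESS.get(src_ip)
    # Main mode: the ID payload arrives in message 5, encrypted under
    # SKEYID_e, so only the packet's source address can select the key.
    return BY_ADDRESS.get(src_ip)

def tunnel_comes_up(mode, src_ip, ike_id, initiator_psk):
    # Constructed exchange values; a real exchange uses random nonces,
    # cookies and a Diffie-Hellman shared secret.
    ni, nr, gxy = b"Ni-constructed", b"Nr-constructed", b"gxy-constructed"
    cky_i, cky_r = b"CKY-I-00", b"CKY-R-00"
    psk = responder_pick_psk(mode, src_ip, ike_id if mode == "aggressive" else None)
    if psk is None:
        return False  # responder has no key to derive SKEYID with
    mine = skeyid_e(initiator_psk, ni, nr, gxy, cky_i, cky_r)
    theirs = skeyid_e(psk, ni, nr, gxy, cky_i, cky_r)
    return hmac.compare_digest(mine, theirs)

if __name__ == "__main__":
    print(tunnel_comes_up("main", "192.0.2.10", "192.0.2.10", b"site-a-key"))
    print(tunnel_comes_up("main", "198.51.100.7", "branch.example.net", b"branch-key"))
    print(tunnel_comes_up("aggressive", "198.51.100.7", "branch.example.net", b"branch-key"))
```

The second case models a peer whose key is configured only against its FQDN: main mode fails because the responder cannot read the ID before it needs the key, while aggressive mode succeeds because the ID arrives in the clear.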

Nice Andrew