cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4604
Views
0
Helpful
3
Replies

Unable to establish VPN session with Aggressive Mode disabled

jrobey284
Level 1
Level 1

I am trying to diable aggressive mode, for security reasons. I have a Cisco 3825 running c3825-advsecurityk9-mz.124-24.T2.bin. When I disable aggressive mode with  ROUTER(config)#crypto isakmp aggressive-mode disable , I am unable to connect. The syslog message displayed is > %CRYPTO-5-IKMP_AG_MODE_DISABLED: Unable to initiate or respond to Aggressive Mode while disabled  and the client error is Reason 412: The remote peer is no longer responding.

3 Replies 3

andrew.prince
Level 10
Level 10

You have disabled it your end but....

%CRYPTO-5-IKMP_AG_MODE_DISABLED: Unable to initiate or respond to Aggressive Mode while disabled

So the remote side is still trying to use it, disable it on the remote site.

I am using the Cisco VPN client to connect, so there isn't a way to disable aggressive mode. But from what I just finished reading.. The only way to use main mode is use certificates, if you use a PSK(which I do for the group) then aggressive mode has to be enabled.

Agreed.