05-10-2010 05:06 AM
Hi,
Can anyone tell me what the above message means and how to resolve it?
Thanks
05-10-2010 06:50 AM
Hi,
Both Main Mode and Aggressive Mode are IKE Phase 1 exchange methods.
Main mode is the default and recommended (more secure) exchange method because it consists of six exchange messages.
Aggressive mode squeezes the IKE SA negotiation in three packets.
You can configure the device to use aggressive mode if needed or disable it.
What device are we talking about?
Federico.
05-10-2010 07:17 AM
Hi,
This is on the ASA5520, how can I change them to normal mode?
Thanks
Ellech
05-10-2010 07:22 AM
crypto isakmp am-disable
The above command disables inbound aggressive mode connections.
Please rate helpful posts.
Federico.
05-10-2010 07:34 AM
Will this automatically change the aggressive mode to normal mode?
05-10-2010 08:14 AM
The command will disable inbound aggressive mode connections.
If you want, there's an option to disable inbound aggressive mode connections on the tunnel-group as well.
tunnel-group xxxxxx ipsec-attributes
 isakmp am-disable
In this way you disable inbound aggressive mode connections from a specific peer.
If a peer tries to establish an aggressive mode connection, you should see a message like this in the logs:
"Unable to initiate or respond to Aggressive Mode while disabled"
This command will prevent Easy Virtual Private Network (Easy VPN) clients from connecting if they are using preshared keys because Easy VPN clients (hardware and software) use aggressive mode.
Federico.
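Added example (not posted by anyone in this thread, and not Cisco code): a small Python audit that reads an ASA-style configuration and reports which tunnel-groups still accept inbound aggressive mode, using only the two commands quoted above. The sample configuration, peer addresses and group names are constructed, and the parser assumes sub-commands are indented by a space as in `show running-config` output.

```python
# Audit an ASA-style config for the am-disable settings discussed in the thread.
# SAMPLE_CONFIG is constructed for illustration; it is not from a real device.
SAMPLE_CONFIG = """\
crypto isakmp enable outside
tunnel-group 192.0.2.10 type ipsec-l2l
tunnel-group 192.0.2.10 ipsec-attributes
 pre-shared-key *****
 isakmp am-disable
tunnel-group 198.51.100.7 type ipsec-l2l
tunnel-group 198.51.100.7 ipsec-attributes
 pre-shared-key *****
tunnel-group REMOTE-USERS type remote-access
"""


def audit_aggressive_mode(config_text):
    """Return (global_disabled, {tunnel_group: accepts_aggressive_mode})."""
    global_disabled = False
    groups = {}
    current = None  # tunnel-group whose ipsec-attributes block we are inside
    for raw in config_text.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.lstrip().startswith("!"):
            continue  # blank line or "!" separator
        if not line.startswith(" "):
            current = None  # any top-level command ends the sub-mode
            words = line.split()
            if words == ["crypto", "isakmp", "am-disable"]:
                global_disabled = True
            elif words[0] == "tunnel-group" and len(words) >= 3:
                # Aggressive mode is accepted unless explicitly disabled.
                groups.setdefault(words[1], True)
                if words[2] == "ipsec-attributes":
                    current = words[1]
        elif current and line.split() == ["isakmp", "am-disable"]:
            groups[current] = False
    if global_disabled:
        # The global command overrides every per-group setting.
        groups = {name: False for name in groups}
    return global_disabled, groups


if __name__ == "__main__":
    disabled, result = audit_aggressive_mode(SAMPLE_CONFIG)
    print("global am-disable:", disabled)
    for name, accepts in result.items():
        print(f"{name}: {'ACCEPTS aggressive mode' if accepts else 'aggressive mode disabled'}")
```

Groups reported as still accepting aggressive mode are the ones to review; as noted in the thread, Easy VPN clients using preshared keys depend on it, so check for those before disabling.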