01-15-2007 07:03 AM
Hi,
Following a security flaw existing in aggressive mode IPsec, is there a way to deactivate aggressive mode on the VPN3000 Concentrator? All my SAs are in main mode, but it seems it still answers an aggressive handshake (verified with a tool like ike-scan).
If it's not possible to deactivate it, can I mask the ID returned in the handshake, as it is the private IP?
Thanks
01-16-2007 12:02 AM
Hi,
Go to:
Traffic Management | Security Associations
Edit them and under "IKE Parameters" select all to have Negotiation as Main.
Please rate if this helped.
Regards,
Daniel
01-16-2007 02:44 AM
Hi,
All Negotiations are "Main Mode" in "IKE Parameters" but it still answers to Aggressive handshake.
Any idea?
01-25-2007 08:24 AM
I too would like to know the best fix for this.
According to:
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_security_notice09186a008016b57f.html
"When responding to IPSec session initialization, Cisco IOS® software
may use Aggressive Mode even if it has not been explicitly configured
to do so."
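
Added example (not written by any poster in this thread or by Cisco): one way to confirm from a packet capture what the thread describes, by reading the exchange type in a raw IKEv1 response's ISAKMP header (2 = Main, 4 = Aggressive, per RFC 2408) and reporting any cleartext Identification payload. The function names and the sample packet carrying 10.0.0.5 are constructed for illustration.

```python
import ipaddress
import struct

MODES = {2: "Main (Identity Protection)", 4: "Aggressive"}  # RFC 2408 exchange types
ID_PAYLOAD, ID_IPV4_ADDR = 5, 1  # ISAKMP payload type; IPsec DOI ID type (RFC 2407)

def parse_ike_response(pkt: bytes) -> dict:
    """Report exchange mode and any cleartext ID in one IKEv1 message (UDP payload)."""
    if len(pkt) < 28:
        raise ValueError("shorter than the 28-byte ISAKMP header")
    nxt, version, exch, flags, _msg_id, length = struct.unpack("!BBBBII", pkt[16:28])
    if version >> 4 != 1:
        raise ValueError("not an IKEv1 message")
    out = {"mode": MODES.get(exch, f"other ({exch})"), "aggressive": exch == 4, "id": None}
    if flags & 0x01:  # encryption bit set: payloads are not readable
        return out
    offset, end = 28, min(length, len(pkt))
    while nxt != 0 and offset + 4 <= end:
        # Generic payload header: next payload, reserved, payload length
        following, _reserved, plen = struct.unpack("!BBH", pkt[offset:offset + 4])
        if plen < 4 or offset + plen > end:
            raise ValueError("malformed payload length")
        if nxt == ID_PAYLOAD and plen >= 8:
            # ID payload body: ID type, protocol, port, then identification data
            id_type, data = pkt[offset + 4], pkt[offset + 8:offset + plen]
            if id_type == ID_IPV4_ADDR and len(data) == 4:
                out["id"] = str(ipaddress.IPv4Address(data))
            else:
                out["id"] = f"type {id_type}: {data.hex()}"
        nxt, offset = following, offset + plen
    return out

def constructed_response(exchange_type: int, flags: int = 0) -> bytes:
    """Constructed sample: header + Nonce payload + ID payload carrying 10.0.0.5."""
    nonce = struct.pack("!BBH", ID_PAYLOAD, 0, 12) + bytes(8)
    ident = struct.pack("!BBHBBH", 0, 0, 12, ID_IPV4_ADDR, 17, 500) + bytes([10, 0, 0, 5])
    body = nonce + ident
    fields = struct.pack("!BBBBII", 10, 0x10, exchange_type, flags, 0, 28 + len(body))
    return b"\x11" * 8 + b"\x22" * 8 + fields + body

if __name__ == "__main__":
    print(parse_ike_response(constructed_response(4)))
```

Feed it the UDP payload of the gateway's reply taken from a capture; a result with `aggressive` set and an `id` holding an internal address matches the behaviour reported in the first post.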