
13891 Views 4 Replies Latest reply: Dec 27, 2012 4:01 PM by Paul Stewart - CCIE Security

Disabling Aggressive Mode on Cisco ASA 5505

Mar 22, 2012 7:56 AM

argoldsmith 2 posts since
Sep 24, 2010

Hello All,

 

I'm new to the Cisco ASA firewalls and need a little help with disabling aggressive mode. We currently have a site-to-site VPN setup w/ two ASA 5505s on each side and also use anyconnect for remote users to connect back to the office. When I do a "sh run" on one of the ASAs here's what I found in part of the config:

 

crypto isakmp policy 1
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 5
 authentication pre-share
 encryption aes
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 30
 authentication pre-share
 encryption aes-192
 hash sha
 group 5
 lifetime 86400

 

I've read that crypto isakmp am-disable will disable aggressive mode and force main mode to be used, however, I'm not sure if doing this on both ASAs will "break" the site-to-site VPN connection. If so, what other configuration steps need to be taken for use of main mode only?

 

Thanks,

 

Adam G.
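As an added example (not part of the original post and not Cisco code), the following Python check reads a saved "sh run" and lists the pre-shared-key ISAKMP policies that are present while no am-disable line is configured. The function names are hypothetical, the sample config is constructed from the policies quoted in the post, and the `crypto ikev1` spelling used by later ASA software is accepted alongside `crypto isakmp`.

```python
import re

# Constructed sample: the three policies from the post, as "sh run" prints them.
SAMPLE_CONFIG = """\
crypto isakmp policy 1
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 5
 authentication pre-share
 encryption aes
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 30
 authentication pre-share
 encryption aes-192
 hash sha
 group 5
 lifetime 86400
"""

POLICY_RE = re.compile(r"^crypto (?:isakmp|ikev1) policy (\d+)\s*$")
AM_DISABLE_RE = re.compile(r"^crypto (?:isakmp|ikev1) am-disable\s*$")

def parse_isakmp(config):
    """Return ({priority: {keyword: value}}, am_disabled) from running-config text."""
    policies, current, am_disabled = {}, None, False
    for line in config.splitlines():
        m = POLICY_RE.match(line)
        if m:
            current = policies.setdefault(int(m.group(1)), {})
        elif line[:1].isspace() and current is not None:
            # Indented sub-command of the policy block opened above.
            key, _, value = line.strip().partition(" ")
            current[key] = value
        else:
            # Any other top-level line closes the current policy block.
            current = None
            am_disabled = am_disabled or bool(AM_DISABLE_RE.match(line))
    return policies, am_disabled

def aggressive_mode_psk_exposure(config):
    """Priorities of pre-share policies while aggressive mode is not disabled."""
    policies, am_disabled = parse_isakmp(config)
    if am_disabled:
        return []
    return sorted(p for p, s in policies.items() if s.get("authentication") == "pre-share")
```

Calling `aggressive_mode_psk_exposure(SAMPLE_CONFIG)` returns the priorities to review; an empty list means the config already carries the am-disable line.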
