[c-nsp] crypto isakmp aggressive-mode disable
Lee
ler762 at gmail.com
Wed Jun 2 13:04:38 EDT 2010
Does having
crypto isakmp aggressive-mode disable
get you anything security-wise on routers if you're using certificates
instead of pre-shared keys for IPSec tunnels?
We went with aggressive-mode disable not long after this came out
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_security_notice09186a008016b57f.html
but now that we've moved from shared keys to certificates I'm
wondering if keeping aggressive mode disabled get us anything besides
a lot of %CRYPTO-5-IKMP_AG_MODE_DISABLED: syslog messages.
Thanks,
Lee
More information about the cisco-nsp
mailing list