Does having crypto isakmp aggressive-mode disable get you anything security-wise on routers if you're using certificates instead of pre-shared keys for IPSec tunnels?
We went with aggressive-mode disable not long after this came out http://www.cisco.com/en/US/tech/tk583/tk372/technologies_security_notice09186a008016b57f.html but now that we've moved from shared keys to certificates I'm wondering if keeping aggressive mode disabled get us anything besides a lot of %CRYPTO-5-IKMP_AG_MODE_DISABLED: syslog messages. Thanks, Lee _______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
