VPN: Site to Site and Remote Access ASG /aggressive mode

UTM Firewall requires membership for participation - click to join

Thread Info

State Not Answered
Locked Locked
Replies 4 replies
Subscribers 1 subscriber
Views 3670 views
Users 0 members are here

Options

Suggested

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

ASG /aggressive mode

admin@ethiq.net over 14 years ago

Hello,

Why ASG don't support aggressive mode ?

Thanks.

This thread was automatically locked due to age.

0 Scott_Klassen over 14 years ago

If I had to take a guess, I'd say this has something to do with it:

"Aggressive mode is faster than Main Mode but not as secure. However, aggressive mode uses half the number of messages, has less negotiation power, and does not provide identity protection."

Astaro is a security product after all, so it would make sense not to support unsecure methods.
Cancel
Vote Up 0 Vote Down

Cancel
0 BrucekConvergent over 14 years ago in reply to Scott_Klassen

Aggressive mode is insecure... thus they dropped support for it. I think even Cisco has changed the defaults on newer builds of their security IOS, etc. to default to Main Mode.
Cancel
Vote Up 0 Vote Down

Cancel
0 admin@ethiq.net over 14 years ago in reply to BrucekConvergent

Why is aggressive mode still in astaro ipsec client ?

thx...
Cancel
Vote Up 0 Vote Down

Cancel
0 BrucekConvergent over 14 years ago in reply to admin@ethiq.net

Probably a leftover from the OEM mfg. they didn't turn off... Astaro OEMs that client from another software vendor. Also, that client can be used to connect to other IPSEC VPN concentrators, not just an Astaro, so they may have left that option in purposefully (though I wouldn't, given Main Mode is safer and supported on most / all IPSEC VPN concentrators).
Cancel
Vote Up 0 Vote Down

Cancel