It can be done. It works on 12.4(24)T and above. It does not work on 12.4(15)T.
Regards, Piotr 2012/3/20 Joe Astorino <[email protected]> > It appears that once again, I am trying to do something that is > impossible with respect to the beloved IOS : ) Thanks Petr, now I > know! It seems that while the rfc does allow for digital certificate > authentication with AM, IOS does not allow this feature. > > http://www.mail-archive.com/[email protected]/msg07563.html > > On Tue, Mar 20, 2012 at 1:39 PM, Joe Astorino <[email protected]> > wrote: > > I am pretty sure this is possible to do, but I can't get it working. > > The negotiation and tunnel works fine, but it always happens using > > main mode by default. I have tried both of the following: > > > > - Using ISAKMP Profiles to set aggressive mode > > > > crypto isakmp profile IKE-AGGRESIVE > > ca trust-point IOS-CA > > initiate mode aggressive > > ! > > crypto map OUTSIDE-STATIC 10 ipsec-isakmp > > set isakmp-profile IKE-AGGRESIVE > > ! > > int fa0/0 > > crypto map OUTSIDE-STATIC > > > > > > Using the "crypto isakmp peer" command set as follows > > > > crypto isakmp peer address 136.1.122.2 > > set aggressive-mode client-endpoint ipv4-address 136.1.122.2 > > > > > > No matter what I do in the debug I always see that "Unable to start > > aggressive mode, trying main mode." then it proceeds to negotiate MM > > fine. Any ideas on the proper configuration for this? > > > > > > > > > > -- > > Regards, > > > > Joe Astorino > > CCIE #24347 > > http://astorinonetworks.com > > > > "He not busy being born is busy dying" - Dylan > > > > -- > Regards, > > Joe Astorino > CCIE #24347 > http://astorinonetworks.com > > "He not busy being born is busy dying" - Dylan > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > Are you a CCNP or CCIE and looking for a job? Check out > www.PlatinumPlacement.com >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
