Aggressive mode IKE
Posted: Tue Oct 06, 2015 6:24 pm
by karnos666
Hello Everyone,
One of our vendors did a security check on our network and gave us an issue about CVE-2002-1623:
https://web.nvd.nist.gov/view/vuln/deta ... -2002-1623
It looks like it's related to Aggressive mode IKE being enabled.
Does anyone know how to fix it?
Re: Aggressive mode IKE
Posted: Thu Oct 08, 2015 12:43 am
by theodisbutler
Sure.. use a different VPN protocol.
Re: Aggressive mode IKE
Posted: Sun Oct 11, 2015 1:26 am
by karnos666
Is there any other way than changing the protocol?
Re: Aggressive mode IKE
Posted: Thu Oct 22, 2015 1:06 pm
by cedar
The IPsec initiator side selects the IKE mode.
If you don't want to use the aggressive mode, you can configure the VPN client accordingly.
Re: Aggressive mode IKE
Posted: Mon Sep 12, 2016 5:41 am
by thisjun
Please read the manual of your client.
Re: Aggressive mode IKE
Posted: Tue Nov 05, 2019 11:12 am
by roblito
Has anyone answered this one? It's not a client issue.
A Nessus scan of the server reports "The remote Internet Key Exchange (IKE) version 1 service seems to support Aggressive Mode with Pre-Shared Key (PSK) authentication. Such a configuration could allow an attacker to capture and crack the PSK of a VPN gateway and gain unauthorised access to private networks."
Can anyone suggest a way to set Softether to use Main Mode instead of Aggressive Mode?
Re: Aggressive mode IKE
Posted: Fri Apr 03, 2020 2:28 pm
by drnoelkelly
"Added the DisableIPsecAggressiveMode option. You can set "bool DisableIPsecAggressiveMode true" to disable the IPsec Aggressive Mode to moderate CVE-2002-1623."
https://www.softether.org/5-download/history
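
Added example (not part of the thread and not SoftEther's own code): one way to audit a server config for the `DisableIPsecAggressiveMode` option quoted above. It assumes the config uses nested `declare` blocks with typed `bool name value` lines; the sample text and its section names are constructed for illustration.

```python
import re

KEY = "DisableIPsecAggressiveMode"  # option name quoted in the post above

# Constructed sample in a "declare { type name value }" config style.
# Section names are assumptions for illustration, not copied from a real server.
SAMPLE_CONFIG = """\
declare root
{
	uint ConfigRevision 12
	declare ServerConfiguration
	{
		bool DisableIPsecAggressiveMode false
		bool DisableNatTraversal false
	}
}
"""

def find_option(text, key=KEY):
    """Return (section_path, value) for a bool option, or None if it is absent."""
    path = []       # stack of enclosing declare-block names
    pending = None  # name from a 'declare X' line that is waiting for its '{'
    for raw in text.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"declare\s+(\S+)", line)
        if m:
            pending = m.group(1)
        elif line == "{" and pending is not None:
            path.append(pending)
            pending = None
        elif line == "}" and path:
            path.pop()
        else:
            m = re.fullmatch(r"bool\s+(\S+)\s+(true|false)", line)
            if m and m.group(1) == key:
                return "/".join(path), m.group(2) == "true"
    return None

def audit(text):
    """Classify a config by whether IKEv1 Aggressive Mode is switched off."""
    hit = find_option(text)
    if hit is None:
        # No such line: the build may predate the option, so do not assume it is off.
        return "option-missing"
    return "aggressive-mode-disabled" if hit[1] else "aggressive-mode-allowed"

if __name__ == "__main__":
    print(find_option(SAMPLE_CONFIG), audit(SAMPLE_CONFIG))
```

A result of `option-missing` on a real config means the running build should be checked against the history page linked above before relying on the setting.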