Security audit failed due to aggressive mode IKE

Cisco Meraki MX Client VPN requires Aggressive Mode IKE in order to use pre-shared key (PSK) authentication and avoid installing certificates on clients. Customers who have Client VPN enabled may fail PCI, SOX, or other security audits because Aggressive Mode IKE is detected. In some cases, the finding can be appealed if the PSK is complex enough. If that's the case, something similar to the line below should appear in the remediation notes for the report:
 
"If you are unable to disable Aggressive Mode IKE, then you should ensure that the pre-shared keys are strong. Like any password, be sure to use complex PSK values, and rotate the keys as often as is practical. These are recommended to be an alphanumeric value greater than 16 characters. If you already have a strong password policy for the PSKs, then you can appeal this vulnerability."
If the auditing entity being used does not allow appeals of this vulnerability, then Client VPN may need to be disabled to address this concern.
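
An added example (not Meraki's or any auditor's code) that generates a PSK and checks a candidate against the criteria in the quoted remediation note, which is the evidence an appeal would rest on. The 90-day rotation limit, the character-class and repetition checks, and all sample values are assumptions made for illustration.

```python
import math
import secrets
import string
from datetime import date

ALPHABET = string.ascii_letters + string.digits  # "alphanumeric" per the note
MIN_LENGTH = 17     # the note says "greater than 16 characters"
MAX_AGE_DAYS = 90   # assumption: the note only says "as often as is practical"


def generate_psk(length=32):
    """Return a random alphanumeric PSK drawn from the OS CSPRNG."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def random_psk_bits(length):
    """Entropy in bits of a uniformly random alphanumeric PSK of this length."""
    return length * math.log2(len(ALPHABET))


def audit_psk(psk, last_rotated, today):
    """Return a list of findings; an empty list means the PSK passes."""
    findings = []
    if len(psk) < MIN_LENGTH:
        findings.append(f"length {len(psk)} is not greater than 16")
    classes = [any(c.islower() for c in psk), any(c.isupper() for c in psk),
               any(c.isdigit() for c in psk)]
    if sum(classes) < 2:  # assumed heuristic: one class suggests a word or PIN
        findings.append("uses a single character class")
    if len(set(psk)) < len(psk) // 2:  # assumed heuristic for repeated patterns
        findings.append("too few distinct characters")
    age = (today - last_rotated).days
    if age > MAX_AGE_DAYS:
        findings.append(f"not rotated for {age} days (limit {MAX_AGE_DAYS})")
    return findings


if __name__ == "__main__":
    today = date(2015, 2, 2)  # constructed sample date
    samples = {               # constructed sample values, not real keys
        "meraki123": date(2014, 1, 1),
        "aaaaaaaaaaaaaaaaaaaa": date(2015, 1, 15),
        generate_psk(): date(2015, 1, 15),
    }
    for psk, rotated in samples.items():
        print(psk[:4] + "...", audit_psk(psk, rotated, today) or "OK")
```

The length and character-class results only describe the value's shape; a PSK produced by `generate_psk` is the case where the bit count from `random_psk_bits` actually applies.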
Last modified
22:06, 2 Feb 2015

Article ID

ID: 1430