crypto-ikev1/ikev2-policy commands

Configures the IPSec mode of operation for the IKEv1 policy. This option is not available for IKEv2 policy.

Supported in the following platforms:

  • Access Points — AP505i, AP510i/e, AP560i/h
  • Service Platforms — NX5500, NX7500, NX9500, NX9600, VX9000


mode [aggresive|main]


mode [aggresive|main]
mode [aggresive|main] Sets the mode of the tunnels
  • aggressive – Initiates the aggressive mode
  • main – Initiates the main mode

If configuring the IKEv1 IPSec policy, define the IKE mode as either main or aggressive. In the aggressive mode, 3 messages are exchanged between the IPSec peers to setup the SA. On the other hand, in the main mode, 6 messages are exchanged. The default setting is main.


nx9500-6C8809(config-profile-default-rfs4000-ikev1-policy-ikev1-testpolicy)#mode aggressive

nx9500-6C8809(config-profile-default-rfs4000-ikev1-policy-ikev1-testpolicy)#show context
 crypto ikev1 policy testpolicy
  dpd-keepalive 11
  dpd-retries 10
  lifetime 655
  isakmp-proposal default encryption aes-256 group 2 hash sha
  isakmp-proposal testpraposal encryption aes group 2 hash sha
  mode aggressive