Disable Security Baseline on Cisco Catalyst Routers : APOTICA

Disable Security Baseline on Cisco Catalyst Routers Print

Created by: Yaw Johnson [Apotica]

Modified on: Mon, 5 Sep, 2022 at 6:33 PM

Problem:

On the new cisco C8500 routers, Cisco security baseline does not allow the use of DH Group 2 in the implementation of IPSEC VPNs. This means that IPSEC that wont work if it uses DH Group 2.

Solution:
Turn off this baseline restriction.

Procedure:

1. Go to Rommon on the device

2. Enter "CSDL_MODE_DISABLE=1"

3. Enter "sync" to save

4. Enter "boot" to reload the device.

Yaw is the author of this solution article.

Did you find it helpful? Yes No

Help Desk Software by Freshdesk

Disable Security Baseline on Cisco Catalyst Routers Print

Related Articles