What is a disadvantage of using aggressive mode instead of main mode for ISAKMP/IPsec
establishment?
A.
It does not use Diffie-Hellman for secret exchange.
B.
It does not support dead peer detection.
C.
It does not support NAT traversal.
D.
It does not hide the identity of the peer.
When you’re using Aggressive mode, the authentication hash, (pre-shared key) is transmitted as response to the initial packet of the vpn client that wants to establish an IPSec Tunnel. The hash (pre shared key) is not encrypted.
http://security.stackexchange.com/questions/76444/what-are-the-practical-risks-of-using-ike-aggressive-mode-with-a-pre-shared-key