I would be greatly thankful for the aggressive mode option in the pre-shared key ipsec vpn tunnels. It is a very little risk whilst the peer ID of the initiator is sent in clear. IKE aggressive mode hacking is possible only as a brute force with weak keys, even then it's not very easy. In many cases there is a need for quickly establishing an ipsec vpn tunnel from a site with a dynamic IP without using the certificates therefore strong keys, the rekey protection, ect. must be used. All the big (and even small) manufacturers (Juniper, Cisco, ect.) allow the user chose whether to use certificates or a pre-shared key in the aggressive mode key exchange. I am totally disappointed that the MT staff don't let the end-user itself to decide what is safe and what is not
. (I pay - I decide!) The same way an admin could make all ports open to the outside (or whatever), you wouldn't prevent that, would you? If I would have known this, I would have bought a Juniper or Vigor.