Enabling Aggressive Mode globally on an IOS router is pretty straight forward and is the default any way;
no crypto isakmp aggressive-mode disable
But the problem with this is that the router will only act as a responder to VPN requests that come in. It cannot initiate a VPN in Aggressive Mode.
Adding the Aggressive Mode option in an ISAKMP profile and attaching that profile to the crypto map of that peer will allow the IOS router to also initiate a VPN in Aggressive Mode with the peer;
crypto isakmp profile p1-profile-aggressive
keyring global_keys
self-identity fqdn
match identity address <peer-IP>
initiate mode aggressive
!
crypto map out_map 10 ipsec-isakmp
set isakmp-profile p1-profile-aggressive
AMs are mostly used for Remote Access VPNs so having AM enabled globally would be sufficient as the Clients will always be initiating the connection.
But this scenario would come into picture when you are configuring Site-to-Site VPNs to use AM instead of MM. The reason you would configure a Site-to-Site VPN in AM can vary, but most probably it is because you want to use Certificates for your peer authentication or you want to use pre-shared keys and still be crazy enough to use AM. :-)
