diff -Naur ike-scan-1.9.old/ike-scan.c ike-scan-1.9/ike-scan.c
--- ike-scan-1.9.old/ike-scan.c 2007-01-14 11:05:42.000000000 -0800
+++ ike-scan-1.9/ike-scan.c 2007-09-18 18:08:24.000000000 -0700
@@ -130,6 +130,7 @@
 {"id", required_argument, 0, 'n'},
 {"idtype", required_argument, 0, 'y'},
 {"dhgroup", required_argument, 0, 'g'},
+ {"dhkey", required_argument, 0, 'K'},
 {"patterns", required_argument, 0, 'p'},
 {"aggressive", no_argument, 0, 'A'},
 {"gssid", required_argument, 0, 'G'},
@@ -178,7 +179,7 @@
 * Digits: 01-3456789
 */
 const char *short_options =
- "f:hs:d:r:t:i:b:w:vl:z:m:Ve:a:o::u:n:y:g:p:AG:I:qMRT::P::O:Nc:B:"
+ "f:hs:d:r:t:i:b:w:vl:z:m:Ve:a:o::u:n:y:g:K:p:AG:I:qMRT::P::O:Nc:B:"
 "L:Z:E:C:D:S:j:k:F:2X:";
 int arg;
 char arg_str[MAXLINE]; /* Args as string for syslog */
@@ -204,6 +205,7 @@
 0, /* Lifesize data length */
 DEFAULT_AUTH_METHOD, /* Authentication method */
 DEFAULT_DH_GROUP, /* Diffie Hellman Group */
+ DEFAULT_DH_VAL, /* Diffie Hellman Public Key */
 DEFAULT_IDTYPE, /* IKE Identification type */
 NULL, /* Identity data */
 0, /* Identity data length */
@@ -468,6 +470,12 @@
 case 'g': /* --dhgroup */
 ike_params.dhgroup = Strtoul(optarg, 10);
 break;
+ case 'K':
+ ike_params.dhval = Strtoul(optarg,10);
+ if( ike_params.dhval > 255 )
+ err_msg("ERROR: DH public key value only sets "
+ "least significant byte");
+ break;
 case 'p': /* --patterns */
 strncpy(patfile, optarg, MAXLINE);
 break;
@@ -2035,7 +2043,7 @@
 params->dhgroup);
 break; /* NOTREACHED */
 }
- ke = make_ke(&ke_len, next_payload, kx_data_len);
+ ke = make_ke(&ke_len, next_payload, kx_data_len,params->dhval);
 if (psk_crack_flag)
 add_psk_crack_payload(ke, 4, 'I');
 *packet_out_len += ke_len;
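Review bot: The new `{"dhkey", required_argument, 0, 'K'}` entry adds a user-visible option, but no usage or help text for it appears anywhere in this diff, so the only description a user will ever see is the error message in the `case 'K'` handler. If the usage function lives outside these hunks, it should gain a line along the lines of `--dhkey=<n> or -K <n>: Set every byte of the DH public value to <n> (0-255); default is random data`, worded to match the existing entries. The long-options table is a context-cut array, so its start and end are outside the hunk.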
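Review bot: In the new `case 'K'` the `> 255` check runs after the result of `Strtoul(optarg,10)` has already been narrowed into the `int` field `ike_params.dhval`, so an out-of-range argument whose conversion to int comes out negative (implementation-defined, but a wrap to -1 is the common outcome) slips past the check and is then indistinguishable from `DEFAULT_DH_VAL`. Assuming `Strtoul` returns unsigned long like strtoul, validate before narrowing: `unsigned long dhv = Strtoul(optarg, 10);` / `if (dhv > 255) err_msg(...);` with the existing two-line message / `ike_params.dhval = (int) dhv;`. Whether err_msg terminates the program is not visible here; if it does not, the unchecked value still reaches make_ke. The neighbouring cases carry a trailing option comment, so this one should read `case 'K': /* --dhkey */`; the enclosing switch continues outside the hunk.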
@@ -2079,7 +2087,8 @@
 params->dhgroup);
 break; /* NOTREACHED */
 }
- ke = make_ke2(&ke_len, next_payload, params->dhgroup, kx_data_len);
+ ke = make_ke2(&ke_len, next_payload,
+ params->dhgroup, kx_data_len,params->dhval);
 *packet_out_len += ke_len;
 next_payload = ISAKMP_NEXT_V2_KE;
 }
diff -Naur ike-scan-1.9.old/ike-scan.h ike-scan-1.9/ike-scan.h
--- ike-scan-1.9.old/ike-scan.h 2007-01-14 11:05:42.000000000 -0800
+++ ike-scan-1.9/ike-scan.h 2007-09-18 18:08:24.000000000 -0700
@@ -174,6 +174,7 @@
 #define DEFAULT_END_WAIT 60 /* Default time to wait at end in sec */
 #define DEFAULT_PATTERN_FUZZ 500 /* Default pattern fuzz in ms */
 #define DEFAULT_DH_GROUP 2 /* Default DH group for agg. mode */
+#define DEFAULT_DH_VAL -1 /* Default random dh public key */
 #define DEFAULT_IDTYPE ID_USER_FQDN /* Default ID Type for agg. mode */
 #define DEFAULT_EXCHANGE_TYPE ISAKMP_XCHG_IDPROT /* Main Mode */
 #define DEFAULT_NONCE_LEN 20 /* Default Nonce length in bytes */
@@ -301,6 +302,7 @@
 size_t lifesize_data_len;
 unsigned auth_method;
 unsigned dhgroup;
+ int dhval;
 unsigned idtype;
 unsigned char *id_data;
 size_t id_data_len;
@@ -393,8 +395,8 @@
 void *);
 unsigned char* make_vid(size_t *, unsigned, unsigned char *, size_t);
 unsigned char* add_vid(int, size_t *, unsigned char *, size_t, unsigned);
-unsigned char* make_ke(size_t *, unsigned, size_t);
-unsigned char* make_ke2(size_t *, unsigned, unsigned, size_t);
+unsigned char* make_ke(size_t *, unsigned , size_t ,int);
+unsigned char* make_ke2(size_t *, unsigned, unsigned, size_t,int);
 unsigned char* make_nonce(size_t *, unsigned, size_t);
 unsigned char* make_id(size_t *, unsigned, unsigned, unsigned char *, size_t);
 unsigned char* make_cr(size_t *, unsigned, unsigned char *, size_t);
diff -Naur ike-scan-1.9.old/isakmp.c ike-scan-1.9/isakmp.c
--- ike-scan-1.9.old/isakmp.c 2007-01-14 11:05:42.000000000 -0800
+++ ike-scan-1.9/isakmp.c 2007-09-18 18:01:54.000000000 -0700
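Review bot: The comment on the new `#define DEFAULT_DH_VAL -1` line states only that the default is random and not the encoding every other hunk relies on: a negative value means random KE data, while 0..255 is a fixed byte value (the `case 'K'` check in ike-scan.c rejects anything larger and its message says only the least significant byte is used). Suggest `#define DEFAULT_DH_VAL -1 /* DH public value: <0 = random, 0..255 = fixed byte */`. The `int dhval;` member added in the `@@ -301` hunk sits among unsigned fields and would benefit from the same one-line note explaining why it is signed.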
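Review bot: The two rewritten prototypes in the `@@ -393` hunk are spaced inconsistently with each other and with the rest of the list (`unsigned , size_t ,int` versus `size_t,int`), and they leave the new trailing int unnamed, so a reader of the header cannot tell what it is for. Suggest `unsigned char* make_ke(size_t *, unsigned, size_t, int dh_val);` and `unsigned char* make_ke2(size_t *, unsigned, unsigned, size_t, int dh_val);`. The same missing space after the comma appears at both call sites in ike-scan.c (`kx_data_len,params->dhval`).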
@@ -1225,7 +1225,7 @@
 * Diffie Hellman public value. However, we just use random data.
 */
 unsigned char*
-make_ke(size_t *length, unsigned next, size_t kx_data_len) {
+make_ke(size_t *length, unsigned next, size_t kx_data_len,int val) {
 unsigned char *payload;
 struct isakmp_kx* hdr;
 unsigned char *kx_data;
@@ -1240,8 +1240,13 @@
 memset(hdr, mbz_value, sizeof(struct isakmp_kx));
 kx_data = payload + sizeof(struct isakmp_kx);
- for (i=0; iisakx_np = next; /* Next payload type */
 hdr->isakx_length = htons(sizeof(struct isakmp_kx)+kx_data_len);
@@ -1269,7 +1274,8 @@
 * Diffie Hellman public value. However, we just use random data.
 */
 unsigned char*
-make_ke2(size_t *length, unsigned next, unsigned dh_group, size_t kx_data_len) {
+make_ke2(size_t *length, unsigned next, unsigned dh_group,
+ size_t kx_data_len , int val) {
 unsigned char *payload;
 struct isakmp_kx2* hdr;
 unsigned char *kx_data;
@@ -1284,8 +1290,13 @@
 memset(hdr, mbz_value, sizeof(struct isakmp_kx2));
 kx_data = payload + sizeof(struct isakmp_kx2);
- for (i=0; iisakx2_np = next; /* Next payload type */
 hdr->isakx2_length = htons(sizeof(struct isakmp_kx2)+kx_data_len);
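Review bot: The header comment above `make_ke` still ends with `However, we just use random data.` (a context line of this hunk), which is no longer true once the new `int val` parameter lets the caller choose the payload bytes; it should describe the parameter, e.g. `val < 0: fill the KE data with random bytes; 0..255: set every byte to val` — worded as an assumption here, because the loop that consumes `val` in the following `@@ -1240` hunk is not legible on this page. The same stale sentence sits above `make_ke2` in the `@@ -1269` hunk, and a name such as `dh_val` would match the field and macro names used in ike-scan.h better than `val`. Both function bodies continue outside their hunks.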