https://community.cisco.com/t5/network-security/missing-crypto-policy/m-p/1458319#M652008 <P>Why would a crypto isakmp policy not be loaded from the startup-config into the running-config during a reload?&nbsp; We had five policies, only four of which are in the running-config now.&nbsp; No changes had been made after reload.&nbsp; Thanx!</P> Mon, 11 Mar 2019 18:29:32 GMT pootboy69 2019-03-11T18:29:32Z https://community.cisco.com/t5/network-security/missing-crypto-policy/m-p/1458319#M652008 <P>Why would a crypto isakmp policy not be loaded from the startup-config into the running-config during a reload?&nbsp; We had five policies, only four of which are in the running-config now.&nbsp; No changes had been made after reload.&nbsp; Thanx!</P> Mon, 11 Mar 2019 18:29:32 GMT https://community.cisco.com/t5/network-security/missing-crypto-policy/m-p/1458319#M652008 pootboy69 2019-03-11T18:29:32Z https://community.cisco.com/t5/network-security/missing-crypto-policy/m-p/1458320#M652020 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Only reason why this would happen is if the startup-config has only 4 policies. Are you sure the configuration was saved to the startup-config prior to the reload?</P><P></P><P>Regards,</P><P>Prapanch</P></BODY></HTML> Mon, 23 Aug 2010 16:22:28 GMT https://community.cisco.com/t5/network-security/missing-crypto-policy/m-p/1458320#M652020 praprama 2010-08-23T16:22:28Z https://community.cisco.com/t5/network-security/missing-crypto-policy/m-p/1458321#M652032 <HTML><HEAD></HEAD><BODY><P>I did a backup, using the ASDM prior to making any changes.&nbsp; The policy exists in the startup-config, but did not transfer to the running-config during the reload.&nbsp; I do not understand how this could happen.</P></BODY></HTML> Mon, 23 Aug 2010 16:24:31 GMT https://community.cisco.com/t5/network-security/missing-crypto-policy/m-p/1458321#M652032 pootboy69 2010-08-23T16:24:31Z https://community.cisco.com/t5/network-security/missing-crypto-policy/m-p/1458322#M652036 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>So when you do a "show start" you see the configured isakmp policy but not when you do a "show run"? If that's the case, can you do a "copy start run" and see if it copies now?</P><P></P><P>Regards,</P><P>Prapanch</P></BODY></HTML> Mon, 23 Aug 2010 16:53:05 GMT https://community.cisco.com/t5/network-security/missing-crypto-policy/m-p/1458322#M652036 praprama 2010-08-23T16:53:05Z https://community.cisco.com/t5/network-security/missing-crypto-policy/m-p/1458323#M652046 <HTML><HEAD></HEAD><BODY><P>I have to schedule this for off-hours.&nbsp; I will simply manually enter the policy, after I've verified that's the only command that did not load.&nbsp; I still don't see how the reload could have missed it.&nbsp; Thanx so much for your assistance!</P><P></P><P>Regerds,</P><P></P><P>Wolf</P></BODY></HTML> Mon, 23 Aug 2010 16:56:33 GMT https://community.cisco.com/t5/network-security/missing-crypto-policy/m-p/1458323#M652046 pootboy69 2010-08-23T16:56:33Z https://community.cisco.com/t5/network-security/missing-crypto-policy/m-p/1458324#M652060 <HTML><HEAD></HEAD><BODY><P>OK, so I tried entering the commands directly into the ASA:</P><P><SPAN lang="EN"></SPAN></P><P></P><P></P><P>I did this with ASDM as well as through the command line.&nbsp; It never showed up in the configuration when I did a "show running-config crypto isakmp". </P><P></P><P></P><P></P><P>crypto isakmp policy 20 authentication pre-share</P><P>crypto isakmp policy 20 encryption 3des</P><P>crypto isakmp policy 20 hash md5</P><P>crypto isakmp policy 20 group 2</P><P>crypto isakmp policy 20 lifetime 86400</P><P></P><P></P><P>What's going on?&nbsp; Thanx!</P><P></P><P>Regards,</P><P></P><P>Wolf</P><P></P></BODY></HTML> Mon, 23 Aug 2010 18:10:45 GMT https://community.cisco.com/t5/network-security/missing-crypto-policy/m-p/1458324#M652060 pootboy69 2010-08-23T18:10:45Z https://community.cisco.com/t5/network-security/missing-crypto-policy/m-p/1458325#M652071 <HTML><HEAD></HEAD><BODY><P>My apologies . . . I meant to reply to you, but wound up replying to myself.&nbsp; Here's what I said:</P><P></P><P>OK, so I tried entering the commands directly into the ASA:</P><P><SPAN lang="EN"></SPAN></P><P>I did this with ASDM as well as through the command line.&nbsp; It never showed up in the configuration when I did a "show running-config crypto isakmp".</P><P></P><P>crypto isakmp policy 20 authentication pre-share</P><P>crypto isakmp policy 20 encryption 3des</P><P>crypto isakmp policy 20 hash md5</P><P>crypto isakmp policy 20 group 2</P><P>crypto isakmp policy 20 lifetime 86400</P><P></P><P>What's going on?&nbsp; Thanx!</P><P></P><P>Regards,</P><P></P><P>Wolf</P><P></P></BODY></HTML> Tue, 24 Aug 2010 18:15:35 GMT https://community.cisco.com/t5/network-security/missing-crypto-policy/m-p/1458325#M652071 pootboy69 2010-08-24T18:15:35Z https://community.cisco.com/t5/network-security/missing-crypto-policy/m-p/1458326#M652080 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Can you send the output of "show run all crypto isakmp" and if possible a session log of when you are tryong to add this new policy? What are the other isakmp policies that you have configured? What version is your ASA running?</P><P></P><P>Regards,</P><P>Prapanch</P></BODY></HTML> Wed, 25 Aug 2010 00:33:23 GMT https://community.cisco.com/t5/network-security/missing-crypto-policy/m-p/1458326#M652080 praprama 2010-08-25T00:33:23Z https://community.cisco.com/t5/network-security/missing-crypto-policy/m-p/1458327#M652085 <HTML><HEAD></HEAD><BODY><P>Prapanch,</P><P></P><P>Thanks, again, for your respponse.&nbsp; While, as a CCNA for almost ten years, I have had much experience with all manner of Cisco hardware and software, the ASA continues to challenge me, even though I have attended the first classrom course offered on the device.</P><P></P><P>We are running v8.2(2) at all locations.&nbsp; I have added this policy to our backup ASA with no problem.&nbsp; As the primary ASA is critical and a reload has to be scheduled well in advance, I cannot simply do that on a whim to test the integrity of the startup-configuration, even though I have verified that isakmp policy 20 exists there.</P><P></P><P>Attached is the file with the information you requested.&nbsp; Note that the commands appear to have been accepted during input, but mysteriously disappear when a "sh run all crypto isakmp" command is issued.&nbsp; Thank you!</P><P></P><P>Regards,</P><P></P><P>Wolf</P></BODY></HTML> Wed, 25 Aug 2010 13:07:34 GMT https://community.cisco.com/t5/network-security/missing-crypto-policy/m-p/1458327#M652085 pootboy69 2010-08-25T13:07:34Z https://community.cisco.com/t5/network-security/missing-crypto-policy/m-p/1458328#M652090 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Seems to be a perfect match of the bug CSCtd61244. You might want to consider an upgrade to a recent release.</P><P></P><P>Regards,</P><P>Prapanch</P></BODY></HTML> Wed, 25 Aug 2010 15:42:00 GMT https://community.cisco.com/t5/network-security/missing-crypto-policy/m-p/1458328#M652090 praprama 2010-08-25T15:42:00Z https://community.cisco.com/t5/network-security/missing-crypto-policy/m-p/1458329#M652095 <HTML><HEAD></HEAD><BODY><P>Thank you, Prapanch!&nbsp; I will read the upgrade document and look into upgrading so as not to impact out current NAT configuration.</P><P></P><P>Regards,</P><P></P><P>Wolf</P></BODY></HTML> Wed, 25 Aug 2010 15:51:54 GMT https://community.cisco.com/t5/network-security/missing-crypto-policy/m-p/1458329#M652095 pootboy69 2010-08-25T15:51:54Z