Re: PIX 515 - Unable to create multiple ISAKMP Entries

roy-sam · ‎09-29-2004

Whenever I entered the following commands,

isakmp policy 10 authentication pre-share

isakmp policy 10 encryption 3des

isakmp policy 10 hash md5

isakmp policy 10 group 2

isakmp policy 10 lifetime 86400

isakmp policy 20 auth pre-share

isakmp policy 20 encry 3des

isakmp policy 20 hash md5

isakmp policy 20 group 2

isakmp policy 20 lifetime 86400

And I did a wr mem, I only see isakmp policy 10 but

not 20. I try to use different policy priority number but PIX seems to accept the commands but it does not show up in the show run.

What could be the caused? I have upgraded my PIX from 6.2(2) to 6.3(3), the problem still exists.

gfullage · ‎09-29-2004

Why would you want two identical policies, that's just a waste of negotiation time. In fact, if you watch the command line closely when you do a "wr mem" you'll see the following:

PIX(config)# sho isakmp

isakmp policy 10 authentication pre-share

isakmp policy 10 encryption 3des

isakmp policy 10 hash md5

isakmp policy 10 group 2

isakmp policy 10 lifetime 86400

isakmp policy 20 authentication pre-share

isakmp policy 20 encryption 3des

isakmp policy 20 hash md5

isakmp policy 20 group 2

isakmp policy 20 lifetime 86400

PIX(config)# wr mem

Building configuration...

isakmp policy 20 is superceded by identical policy 10

[OK]

PIX(config)#

PIX(config)# sho isakmp

isakmp policy 10 authentication pre-share

isakmp policy 10 encryption 3des

isakmp policy 10 hash md5

isakmp policy 10 group 2

isakmp policy 10 lifetime 86400

PIX(config)#

roy-sam · ‎09-29-2004

You're right. I have overlooked that they are infact the same policy. Thanks Glenn!!