03-22-2003 05:57 AM - edited 02-20-2020 10:38 PM
I'm trying to cleanup the config on a PIX 515. I am trying to remove the following lines:
crypto map dyn-map 20 ipsec-isakmp dynamic cisco
isakmp identity hostname
isakmp policy 1 authentication rsa-sig
isakmp policy 1 encryption des
isakmp policy 1 hash sha
isakmp policy 1 group 1
isakmp policy 1 lifetime 86400
vpngroup unityclient idle-time 1800
I do a "no the line to remove" and a wr me.
When I check out the config file they are back. How do I get rid of the lines?
Also, would this be the reason that some users are not able to use VNC after they VPN into the network.
Thanks
03-24-2003 06:29 AM
Those lines are all part of a vpn configuration. Are you sure that they are not required by your configuration?
This most likely does not have anything to do with user's ability to use VNC through a VPN connection. Do they have trouble with any other protocols? Can they ping the machines they wish to VNC to through the vpn?
Matt
03-24-2003 08:06 AM
those are all the "default" parameters in the IKE phase 1 from a pix perspective. just like many times in other cisco gear, i don't believe...i could be wrong, that you can get rid of these.
03-24-2003 08:20 AM
actually, i just proved myself wrong. do a : no isakmp policy 1
and see if that works. that should take it away.
03-24-2003 09:39 AM
Thanks
03-24-2003 09:05 AM
Hi,
no isakmp policy 1
should remove the lines.
Kind Regards,
Tom
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide