Dan

They do the same thing. The isakmp policy commands have been replaced with the crypto isakmp policy commands -

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/c5.html#wp2191760

Jon

Dan-

There is no difference between the two.

ASA1(config)# isakmp ?

configure mode commands/options:

am-disable Disable inbound aggressive mode connections

client Set client configuration policy (DEPRECATED - see 'help

isakmp')

disconnect-notify Enable disconnect notification to peers

enable Enable ISAKMP on the specified interface

identity Set identity type (address, hostname or key-id)

ipsec-over-tcp Enable and configure IPSec over TCP

keepalive Set keepalive interval (DEPRECATED - see 'help isakmp')

key Set pre-shared key for remote peer (DEPRECATED - see 'help

isakmp')

nat-traversal Enable and configure nat-traversal

peer Set xauth and config mode exemption for the specified peer

(DEPRECATED - see 'help isakmp')

policy Set ISAKMP policy suite

reload-wait Wait for voluntary termination of existing connections

before reboot

ASA1(config)# crypto isakmp ?

configure mode commands/options:

am-disable Disable inbound aggressive mode connections

client Set client configuration policy (DEPRECATED - see 'help

isakmp')

disconnect-notify Enable disconnect notification to peers

enable Enable ISAKMP on the specified interface

identity Set identity type (address, hostname or key-id)

ipsec-over-tcp Enable and configure IPSec over TCP

keepalive Set keepalive interval (DEPRECATED - see 'help isakmp')

key Set pre-shared key for remote peer (DEPRECATED - see 'help

isakmp')

nat-traversal Enable and configure nat-traversal

peer Set xauth and config mode exemption for the specified peer

(DEPRECATED - see 'help isakmp')

policy Set ISAKMP policy suite

reload-wait Wait for voluntary termination of existing connections

before reboot

"iskamp policy" is left over from the 6.x code, I have to assume for backwards compatibility.

Hope that helps.