03-22-2003 05:57 AM - edited 02-20-2020 10:38 PM
I'm trying to cleanup the config on a PIX 515. I am trying to remove the following lines:
crypto map dyn-map 20 ipsec-isakmp dynamic cisco
isakmp identity hostname
isakmp policy 1 authentication rsa-sig
isakmp policy 1 encryption des
isakmp policy 1 hash sha
isakmp policy 1 group 1
isakmp policy 1 lifetime 86400
vpngroup unityclient idle-time 1800
I do a "no the line to remove" and a wr me.
When I check out the config file they are back. How do I get rid of the lines?
Also, would this be the reason that some users are not able to use VNC after they VPN into the network.
Thanks
03-24-2003 06:29 AM
Those lines are all part of a vpn configuration. Are you sure that they are not required by your configuration?
This most likely does not have anything to do with user's ability to use VNC through a VPN connection. Do they have trouble with any other protocols? Can they ping the machines they wish to VNC to through the vpn?
Matt
03-24-2003 08:06 AM
those are all the "default" parameters in the IKE phase 1 from a pix perspective. just like many times in other cisco gear, i don't believe...i could be wrong, that you can get rid of these.
03-24-2003 08:20 AM
actually, i just proved myself wrong. do a : no isakmp policy 1
and see if that works. that should take it away.
03-24-2003 09:39 AM
Thanks
03-24-2003 09:05 AM
Hi,
no isakmp policy 1
should remove the lines.
Kind Regards,
Tom
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: