I'm trying to cleanup the config on a PIX 515. I am trying to remove the following lines:
crypto map dyn-map 20 ipsec-isakmp dynamic cisco
isakmp identity hostname
isakmp policy 1 authentication rsa-sig
isakmp policy 1 encryption des
isakmp policy 1 hash sha
isakmp policy 1 group 1
isakmp policy 1 lifetime 86400
vpngroup unityclient idle-time 1800
I do a "no the line to remove" and a wr me.
When I check out the config file they are back. How do I get rid of the lines?
Also, would this be the reason that some users are not able to use VNC after they VPN into the network.
Those lines are all part of a vpn configuration. Are you sure that they are not required by your configuration?
This most likely does not have anything to do with user's ability to use VNC through a VPN connection. Do they have trouble with any other protocols? Can they ping the machines they wish to VNC to through the vpn?
those are all the "default" parameters in the IKE phase 1 from a pix perspective. just like many times in other cisco gear, i don't believe...i could be wrong, that you can get rid of these.