10-08-2012 03:09 AM
Hi,
Is it possible to disable the crypto isakmp default policy with the command "no crypto isakmp enable". Apparently the IOS does not support the command "no crypto isakmp default policy". I was thinking if this could be an alternative solution.
Thanks,
Neil
10-08-2012 03:24 AM
Hi,
if you do this then here's what's gonna happen:
http://www.cisco.com/en/US/docs/ios/security/command/reference/sec_c4.html#wp1046383
Regards.
Alain
Don't forget to rate helpful posts.
10-08-2012 03:34 AM
Hi Alain,
I have already seen the link, this where I based my question. If I disable the crypto isakmp enable, will this also disable the Default protection suite or the only way is to command "no crypto isakmp default policy"?
Regards,
Neil
10-08-2012 03:45 AM
Yes, you can disable the default isakmp policy on IOS, and it is only supported from version 12.4(20)T and higher.
Here is the command for your reference:
10-08-2012 04:04 AM
Hi Jennifer,
cool info.
Regards.
Alain
Don't forget to rate helpful posts.
10-08-2012 07:40 AM
Hi Jennifer,
Thanks for the reply. I know that is possible but we have a limitation on the IOS version. So that's why I was thinking of other ways to do it like disabling the isakmp itself. Besides "no crypto isakmp default policy" is there no other way possible? Do you guys know if "no crypto isakmp enable" also disables the isakmp default policy?
Thanks,
Neil
10-08-2012 09:58 AM
Hi,
why don't you just do it then do a sh crypto isa policy ?
My feeling is that it won't but i've never tried it before.
Regards.
Alain
Don't forget to rate helpful posts.
10-08-2012 12:30 PM
That would disable the capabilities of terminating the IPSec Tunnel using IKE. Do you still use the router to terminate IPSec VPN, or you just want to disable IPSec VPN all together?
By the way, what version is your IOS?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide