Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1755
Views
0
Helpful
3
Replies

Pix 8.0(4) "crypto map xxx 10 ipsec-isakmp <return>" no longer available

cciesec2011
Level 3
Level 3

‎04-23-2011 10:32 AM - edited ‎02-21-2020 05:18 PM

Pix version 8.0(4)

When configuring VPN on the Pix, I notice that the command "crypto map xxx 10 ipsec-isakmp <return>" is no longer available:

CiscoPix(config)# crypto map vpn 10 ipsec-isakmp ?

configure mode commands/options:
  dynamic  Entry is a dynamic map
CiscoPix(config)#

When did Cisco remove this command from the Pix configuration?

Labels:
0 Helpful
3 Replies 3

Marcin Latosiewicz
Cisco Employee
Cisco Employee

‎04-23-2011 11:33 AM

Hi,


The command was last available in PIX 6.3:

http://www.cisco.com/en/US/docs/security/pix/pix63/command/reference/c.html#wp1034654

The command was changed to:

crypto map XX set ...

Just like.

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/c5.html#wp2193237

The change appeared from 6.3 to 7.0.

Marcin

0 Helpful

cciesec2011
Level 3
Level 3
In response to Marcin Latosiewicz

‎04-23-2011 04:25 PM

Please be sure to do some research before making some statements like that.  I just reload my Pix with version 7.0.(4) and how do you explain this:

CiscoPix(config)# sh ver

Cisco PIX Security Appliance Software Version 7.0(4)

Compiled on Thu 13-Oct-05 21:43 by builders
System image file is "Unknown, monitor mode tftp booted image"
Config file at boot was "startup-config"

CiscoPix up 2 mins 56 secs

Hardware:   PIX-515E, 64 MB RAM, CPU Pentium II 433 MHz
Flash E28F128J3 @ 0xfff00000, 16MB
BIOS Flash AM29F400B @ 0xfffd8000, 32KB

0: Ext: Ethernet0           : address is 000d.28b1.a580, irq 10
1: Ext: Ethernet1           : address is 000d.28b1.a581, irq 11
2: Ext: Ethernet2           : address is 0005.5d18.ad00, irq 11
3: Ext: Ethernet3           : address is 0005.5d18.ad01, irq 10
4: Ext: Ethernet4           : address is 0005.5d18.ad02, irq 9
5: Ext: Ethernet5           : address is 0005.5d18.ad03, irq 5

Licensed features for this platform:
Maximum Physical Interfaces : 6
Maximum VLANs               : 25
Inside Hosts                : Unlimited
Failover                    : Active/Active
VPN-DES                     : Enabled
VPN-3DES-AES                : Enabled
Cut-through Proxy           : Enabled
Guards                      : Enabled
URL Filtering               : Enabled
Security Contexts           : 2
GTP/GPRS                    : Disabled
VPN Peers                   : Unlimited

This platform has an Unrestricted (UR) license.

Serial Number: xxxxxxx
Running Activation Key:xxx  xxxx xxxx  xxxx xxxx
Configuration last modified by enable_15 at 00:03:14.703 UTC Fri Jan 1 1993
CiscoPix(config)#

CiscoPix(config)# crypto map vpn 10 ipsec-isakmp  ?

configure mode commands/options:
  dynamic  Entry is a dynamic map
 
CiscoPix(config)#

0 Helpful

Marcin Latosiewicz
Cisco Employee
Cisco Employee
In response to cciesec2011

‎04-24-2011 01:55 AM 

cciesec2011 wrote:
Please be sure to do some research before making some statements like that.  I just reload my Pix with version 7.0.(4) and how do you explain this:
CiscoPix(config)# sh ver
Cisco PIX Security Appliance Software Version 7.0(4)

CiscoPix(config)# crypto map vpn 10 ipsec-isakmp  ?
configure mode commands/options:
  dynamic  Entry is a dynamic map
  
CiscoPix(config)#

I have one explanation.

Migration from PIX 6.3 to 7.0.

If you look into command reference for PIX 7.0 command does not appear

http://www.cisco.com/en/US/docs/security/asa/asa70/command/reference/c.html

The parser retains old syntax so old-style synax can be migrated ....

And please be aware that I'm not making "statments" of any kind, I'm trying to help out, if you don't need my insight I will try to remember about it.

0 Helpful
Customers Also Viewed These Support Documents