Can't remove crypto map commands?

Oct 22nd, 2008

I see the following in a show run on my 5510 but I cannot remove any of them (using the word no before the command as it appears here is the only method I have tried).


What's the deal?


crypto ipsec security-association lifetime seconds 28800

crypto ipsec security-association lifetime kilobytes 4608000

crypto map TUNNEL1 10 set security-association lifetime seconds 28800

crypto map TUNNEL1 10 set security-association lifetime kilobytes 4608000

crypto map UNNEL2 10 set security-association lifetime seconds 28800

crypto map UNNEL2 10 set security-association lifetime kilobytes 4608000


husycisco Wed, 10/22/2008 - 05:13

Hello Chris,

Try using "clear config crypto map ....." and "clear config crypto ipsec....." commands in configure terminal mode.


Regards

slug420 Wed, 10/22/2008 - 05:36

The first 2 lines remain:

crypto ipsec security-association lifetime seconds 28800

crypto ipsec security-association lifetime kilobytes 4608000



Is this a bug or is clear config crypto map the only way you are supposed to be able to remove these lines (the ones that it removed)?

husycisco Wed, 10/22/2008 - 06:36

They might be either bound to a transform set configuration that can't be removed without removing the transform-set first, or an IPSEC SA is established using these settings and in use. Try clearing the ipsec sa first; if that doesn't work, try removing the transform set, and then remove the above settings.


clear crypto ipsec sa

k.yohendi Mon, 03/30/2009 - 20:54

Hi all,

I bumped into the same problem on ASA 8.0(4).


I have removed all configuration, but it seems like on ASA 8.0(4), the default ipsec lifetime cannot be removed as in previous version of ASA software.


When I downgraded the ASA to 8.0(3) the command "crypto ipsec security-association lifetime" can be removed without problem.


Is it how it is supposed to be in ASA 8.0.4? Or is it a bug?


Thanks

slug420 Tue, 03/31/2009 - 04:53

[sarcasm]


I think "Is this a bug?" and "Is this how it is supposed to be in Version " mean the same thing.


One would assume that the goal with the 7.x and 8.x trains IS to introduce new quirks and bugs (in addition to adding unnecessary functionality and removing useful features)... it has been an epic fail if their objective was anything different.


[/sarcasm]
