Can't remove crypto map commands?

Oct 22nd, 2008

I see the following in a show run on my 5510 but I cannot remove any of them (using the word no before the command as it appears here is the only method I have tried).

What's the deal?

crypto ipsec security-association lifetime seconds 28800

crypto ipsec security-association lifetime kilobytes 4608000

crypto map TUNNEL1 10 set security-association lifetime seconds 28800

crypto map TUNNEL1 10 set security-association lifetime kilobytes 4608000

crypto map UNNEL2 10 set security-association lifetime seconds 28800

crypto map UNNEL2 10 set security-association lifetime kilobytes 4608000

husycisco Wed, 10/22/2008 - 05:13

Hello Chris,

Try using "clear config crypto map ....." and "clear config crypto ipsec....." commands in configure terminal mode.

Regards

slug420 Wed, 10/22/2008 - 05:36

The first 2 lines remain:

crypto ipsec security-association lifetime seconds 28800

crypto ipsec security-association lifetime kilobytes 4608000

Is this a bug or is clear config crypto map the only way you are supposed to be able to remove these lines (the ones that it removed)?

husycisco Wed, 10/22/2008 - 06:36

They might be either bound to a transform set configuration that can't be removed without removing the transform-set first, or an IPSEC SA is established using these settings and in use. Try clearing the ipsec sa first; if that doesn't work, try removing the transform set, and then remove the above settings.

clear crypto ipsec sa

k.yohendi Mon, 03/30/2009 - 20:54

Hi all,

I bumped into the same problem on ASA 8.0(4).

I have removed all configuration, but it seems like on ASA 8.0(4), the default ipsec lifetime cannot be removed as in previous versions of ASA software.

When I downgraded the ASA to 8.0(3) the command "crypto ipsec security-association lifetime" can be removed without problem.

Is it how it is supposed to be in ASA 8.0.4? Or is it a bug?

Thanks

slug420 Tue, 03/31/2009 - 04:53

[sarcasm]

I think "Is this a bug?" and "Is this how it is supposed to be in Version " mean the same thing.

One would assume that the goal with the 7.x and 8.x trains IS to introduce new quirks and bugs (in addition to adding unnecessary functionality and removing useful features)...it has been an epic fail if their objective was anything different.

[/sarcasm]
