Can't remove crypto map commands?

slug420
Level 1

I see the following in a show run on my 5510, but I cannot remove any of them (using the word no before the command as it appears here is the only method I have tried).

What's the deal?

crypto ipsec security-association lifetime seconds 28800

crypto ipsec security-association lifetime kilobytes 4608000

crypto map TUNNEL1 10 set security-association lifetime seconds 28800

crypto map TUNNEL1 10 set security-association lifetime kilobytes 4608000

crypto map UNNEL2 10 set security-association lifetime seconds 28800

crypto map UNNEL2 10 set security-association lifetime kilobytes 4608000

5 Replies

husycisco
Level 7

Hello Chris,

Try using "clear config crypto map ....." and "clear config crypto ipsec....." commands in configure terminal mode.

Regards

The first 2 lines remain:

crypto ipsec security-association lifetime seconds 28800

crypto ipsec security-association lifetime kilobytes 4608000

Is this a bug or is clear config crypto map the only way you are supposed to be able to remove these lines (the ones that it removed)?

They might be either bound to a transform set configuration that can't be removed without removing the transform-set first, or an IPSEC SA is established using these settings and in use. Try clearing the ipsec sa first; if that doesn't work, try removing the transform set, and then remove the above settings.

clear crypto ipsec sa

Hi all,

I bumped into the same problem on ASA 8.0(4).

I have removed all configuration, but it seems like on ASA 8.0(4), the default ipsec lifetime cannot be removed as in previous versions of ASA software.

When I downgraded the ASA to 8.0(3), the command "crypto ipsec security-association lifetime" can be removed without problem.

Is it how it is supposed to be in ASA 8.0.4, or is it a bug?

Thanks

[sarcasm]

I think "Is this a bug?" and "Is this how it is supposed to be in Version " mean the same thing.

One would assume that the goal with the 7.x and 8.x trains IS to introduce new quirks and bugs (in addition to adding unnecessary functionality and removing useful features)... it has been an epic fail if their objective was anything different.

[/sarcasm]
