04-23-2011 10:32 AM - edited 02-21-2020 05:18 PM
Pix version 8.0(4)
When configuring VPN on the Pix, I notice that the command "crypto map xxx 10 ipsec-isakmp <return>" is no longer available:
CiscoPix(config)# crypto map vpn 10 ipsec-isakmp ?
configure mode commands/options:
dynamic Entry is a dynamic map
CiscoPix(config)#
When did Cisco remove this command from the Pix configuration?
04-23-2011 11:33 AM
Hi,
The command was last available in PIX 6.3:
http://www.cisco.com/en/US/docs/security/pix/pix63/command/reference/c.html#wp1034654
The command was changed to:
crypto map XX set ...
Just like.
http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/c5.html#wp2193237
The change appeared from 6.3 to 7.0.
Marcin
04-23-2011 04:25 PM
Please be sure to do some research before making some statements like that. I just reload my Pix with version 7.0.(4) and how do you explain this:
CiscoPix(config)# sh ver
Cisco PIX Security Appliance Software Version 7.0(4)
Compiled on Thu 13-Oct-05 21:43 by builders
System image file is "Unknown, monitor mode tftp booted image"
Config file at boot was "startup-config"
CiscoPix up 2 mins 56 secs
Hardware: PIX-515E, 64 MB RAM, CPU Pentium II 433 MHz
Flash E28F128J3 @ 0xfff00000, 16MB
BIOS Flash AM29F400B @ 0xfffd8000, 32KB
0: Ext: Ethernet0 : address is 000d.28b1.a580, irq 10
1: Ext: Ethernet1 : address is 000d.28b1.a581, irq 11
2: Ext: Ethernet2 : address is 0005.5d18.ad00, irq 11
3: Ext: Ethernet3 : address is 0005.5d18.ad01, irq 10
4: Ext: Ethernet4 : address is 0005.5d18.ad02, irq 9
5: Ext: Ethernet5 : address is 0005.5d18.ad03, irq 5
Licensed features for this platform:
Maximum Physical Interfaces : 6
Maximum VLANs : 25
Inside Hosts : Unlimited
Failover : Active/Active
VPN-DES : Enabled
VPN-3DES-AES : Enabled
Cut-through Proxy : Enabled
Guards : Enabled
URL Filtering : Enabled
Security Contexts : 2
GTP/GPRS : Disabled
VPN Peers : Unlimited
This platform has an Unrestricted (UR) license.
Serial Number: xxxxxxx
Running Activation Key:xxx xxxx xxxx xxxx xxxx
Configuration last modified by enable_15 at 00:03:14.703 UTC Fri Jan 1 1993
CiscoPix(config)#
CiscoPix(config)# crypto map vpn 10 ipsec-isakmp ?
configure mode commands/options:
dynamic Entry is a dynamic map
CiscoPix(config)#
04-24-2011 01:55 AM
cciesec2011 wrote:
Please be sure to do some research before making some statements like that. I just reload my Pix with version 7.0.(4) and how do you explain this:
CiscoPix(config)# sh ver
Cisco PIX Security Appliance Software Version 7.0(4)
CiscoPix(config)# crypto map vpn 10 ipsec-isakmp ?
configure mode commands/options:
dynamic Entry is a dynamic map
CiscoPix(config)#
I have one explanation.
Migration from PIX 6.3 to 7.0.
If you look into command reference for PIX 7.0 command does not appear
http://www.cisco.com/en/US/docs/security/asa/asa70/command/reference/c.html
The parser retains old syntax so old-style synax can be migrated ....
And please be aware that I'm not making "statments" of any kind, I'm trying to help out, if you don't need my insight I will try to remember about it.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: