Pix 8.0(4) "crypto map xxx 10 ipsec-isakmp <return>" no longer available

cciesec2011 · ‎04-23-2011

Pix version 8.0(4)

When configuring VPN on the Pix, I notice that the command "crypto map xxx 10 ipsec-isakmp <return>" is no longer available:

CiscoPix(config)# crypto map vpn 10 ipsec-isakmp ?

configure mode commands/options:
dynamic Entry is a dynamic map
CiscoPix(config)#

When did Cisco remove this command from the Pix configuration?

Marcin Latosiewicz · ‎04-23-2011

Hi,

The command was last available in PIX 6.3:

http://www.cisco.com/en/US/docs/security/pix/pix63/command/reference/c.html#wp1034654

The command was changed to:

crypto map XX set ...

Just like.

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/c5.html#wp2193237

The change appeared from 6.3 to 7.0.

Marcin

cciesec2011 · ‎04-23-2011

Please be sure to do some research before making some statements like that. I just reload my Pix with version 7.0.(4) and how do you explain this:

CiscoPix(config)# sh ver

Cisco PIX Security Appliance Software Version 7.0(4)

Compiled on Thu 13-Oct-05 21:43 by builders
System image file is "Unknown, monitor mode tftp booted image"
Config file at boot was "startup-config"

CiscoPix up 2 mins 56 secs

Hardware: PIX-515E, 64 MB RAM, CPU Pentium II 433 MHz
Flash E28F128J3 @ 0xfff00000, 16MB
BIOS Flash AM29F400B @ 0xfffd8000, 32KB

0: Ext: Ethernet0           : address is 000d.28b1.a580, irq 10
1: Ext: Ethernet1           : address is 000d.28b1.a581, irq 11
2: Ext: Ethernet2           : address is 0005.5d18.ad00, irq 11
3: Ext: Ethernet3           : address is 0005.5d18.ad01, irq 10
4: Ext: Ethernet4           : address is 0005.5d18.ad02, irq 9
5: Ext: Ethernet5           : address is 0005.5d18.ad03, irq 5

Licensed features for this platform:
Maximum Physical Interfaces : 6
Maximum VLANs               : 25
Inside Hosts                : Unlimited
Failover                    : Active/Active
VPN-DES                     : Enabled
VPN-3DES-AES                : Enabled
Cut-through Proxy           : Enabled
Guards                      : Enabled
URL Filtering               : Enabled
Security Contexts           : 2
GTP/GPRS                    : Disabled
VPN Peers                   : Unlimited

This platform has an Unrestricted (UR) license.

Serial Number: xxxxxxx
Running Activation Key:xxx xxxx xxxx xxxx xxxx
Configuration last modified by enable_15 at 00:03:14.703 UTC Fri Jan 1 1993
CiscoPix(config)#

CiscoPix(config)# crypto map vpn 10 ipsec-isakmp ?

configure mode commands/options:
dynamic Entry is a dynamic map

CiscoPix(config)#

Marcin Latosiewicz · ‎04-24-2011

cciesec2011 wrote:
Please be sure to do some research before making some statements like that.  I just reload my Pix with version 7.0.(4) and how do you explain this:
CiscoPix(config)# sh ver
Cisco PIX Security Appliance Software Version 7.0(4)

CiscoPix(config)# crypto map vpn 10 ipsec-isakmp  ?
configure mode commands/options:
  dynamic  Entry is a dynamic map
  
CiscoPix(config)#

I have one explanation.

Migration from PIX 6.3 to 7.0.

If you look into command reference for PIX 7.0 command does not appear

http://www.cisco.com/en/US/docs/security/asa/asa70/command/reference/c.html

The parser retains old syntax so old-style synax can be migrated ....

And please be aware that I'm not making "statments" of any kind, I'm trying to help out, if you don't need my insight I will try to remember about it.