Removing lines from PIX 515 config

Unanswered Question
Mar 22nd, 2003

I'm trying to cleanup the config on a PIX 515. I am trying to remove the following lines:

crypto map dyn-map 20 ipsec-isakmp dynamic cisco

isakmp identity hostname

isakmp policy 1 authentication rsa-sig

isakmp policy 1 encryption des

isakmp policy 1 hash sha

isakmp policy 1 group 1

isakmp policy 1 lifetime 86400

vpngroup unityclient idle-time 1800

I do a "no the line to remove" and a wr me.

When I check out the config file they are back. How do I get rid of the lines?

Also, would this be the reason that some users are not able to use VNC after they VPN into the network.

Thanks

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Average Rating: 0 (0 ratings)
mostiguy@netnum... Mon, 03/24/2003 - 06:29

Those lines are all part of a vpn configuration. Are you sure that they are not required by your configuration?

This most likely does not have anything to do with user's ability to use VNC through a VPN connection. Do they have trouble with any other protocols? Can they ping the machines they wish to VNC to through the vpn?

Matt

b-pelphrey Mon, 03/24/2003 - 08:06

those are all the "default" parameters in the IKE phase 1 from a pix perspective. just like many times in other cisco gear, i don't believe...i could be wrong, that you can get rid of these.

b-pelphrey Mon, 03/24/2003 - 08:20

actually, i just proved myself wrong. do a : no isakmp policy 1

and see if that works. that should take it away.

Actions

Login or Register to take actions

This Discussion

Posted March 22, 2003 at 5:57 AM
Stats:
Replies:5 Avg. Rating:
Views:226 Votes:0
Shares:0
Tags: No tags.

Discussions Leaderboard