Removing lines from PIX 515 config

Unanswered Question
Mar 22nd, 2003
User Badges:

I'm trying to cleanup the config on a PIX 515. I am trying to remove the following lines:

crypto map dyn-map 20 ipsec-isakmp dynamic cisco

isakmp identity hostname

isakmp policy 1 authentication rsa-sig

isakmp policy 1 encryption des

isakmp policy 1 hash sha

isakmp policy 1 group 1

isakmp policy 1 lifetime 86400

vpngroup unityclient idle-time 1800

I do a "no the line to remove" and a wr me.

When I check out the config file they are back. How do I get rid of the lines?

Also, would this be the reason that some users are not able to use VNC after they VPN into the network.


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)

Those lines are all part of a vpn configuration. Are you sure that they are not required by your configuration?

This most likely does not have anything to do with user's ability to use VNC through a VPN connection. Do they have trouble with any other protocols? Can they ping the machines they wish to VNC to through the vpn?


b-pelphrey Mon, 03/24/2003 - 08:06
User Badges:

those are all the "default" parameters in the IKE phase 1 from a pix perspective. just like many times in other cisco gear, i don't believe...i could be wrong, that you can get rid of these.

b-pelphrey Mon, 03/24/2003 - 08:20
User Badges:

actually, i just proved myself wrong. do a : no isakmp policy 1

and see if that works. that should take it away.

tvanginneken Mon, 03/24/2003 - 09:05
User Badges:
  • Silver, 250 points or more


no isakmp policy 1

should remove the lines.

Kind Regards,



This Discussion