06-22-2008 11:34 AM - edited 03-11-2019 06:02 AM
I have an ASA5510 7.2
I have an old crypto map coming up in debug that I am trying to get rid of.
I used the "no cry map x" to remove and I am getting this:
"IPSEC(crypto_map_check): crypto map Map 7 incomplete. No peer ,access-list or
transform-set specified."
when I do a "sh run all crypto" I can see remnants of this config:
crypto map 7 set connection-type bi-directional
crypto map 7 set security-association lifetime seconds 28800
crypto map 7 set security-association lifetime kilobytes 4608000
crypto map 7 set inheritance rule
crypto map 7 set phase1-mode main
I have read I can do a "clear config cry map Map 7"
But I do not have the option of "config" when I do "clear"
How can I remove this ghost crypto map?
This does not work:
no crypto map 7 set connection-type bi-directional
no crypto map 7 set security-association lifetime seconds 28800
no crypto map 7 set security-association lifetime kilobytes 4608000
no crypto map 7 set inheritance rule
no crypto map 7 set phase1-mode main
06-22-2008 12:53 PM
Richard
You should be able to do
asa(config)# clear configure crypto map Map 7
Does this not work?
http://www.cisco.com/en/US/docs/security/asa/asa72/command/reference/c2_72.html#wp2158588
Jon
06-22-2008 05:12 PM
Jon,
That worked. I tried that earlier, but don't know what I did wrong.
Thanks once again for the help.
Do you usually go straight to the command reference for issues like this?
I guess that is what I need to be doing.
I have a post about the IPS and Firewall as separate levels of access if you are up for it.
06-23-2008 03:17 AM
Richard
IPS is not something I have much experience with, to be honest, so I'm not sure how much help I can be.
"Do you usually go straight to the command reference for issues like this?"
I often refer to the configuration guides/command references if I either can't remember something or need to confirm something. It's often the quickest way. You may already know this, but just in case:
The easiest way (for me anyway) to get to these docs is from the Cisco home page: select "Products and Services" from the bar along the top.
You get a drop down box and you can select your category - in this instance "Security".
You are then presented with a page with all the security products. Select the product you are interested in eg.
"Cisco ASA 5500 Series Adaptive Security Appliances"
and then on the next page as you scroll down there is a box headed "Support". In this box are links to command references/configuration docs etc. for the product.
You can do this with all major products.
Apologies if I am telling you something you already know, it's just that sometimes Cisco info can be a bit hard to find.
Jon
06-23-2008 09:42 AM
No need to apologize, Jon,
You have always been a great help with a pleasant demeanor.
I appreciate greatly your willingness to assist guys like me.
I usually go to the support docs, but they almost never are a help because they are so generic for the most part.
06-22-2008 12:57 PM
Hi Wilson
Begin with the removal of the crypto map from the interface. Use the no form of the crypto map command.
ASA(config)#no crypto map mymap interface outside
Continue to use the no form to remove the other crypto map commands.
ASA(config)#no crypto map 7 set connection-type bi-directional
ASA(config)#no crypto map 7 set security-association lifetime seconds 28800
ASA(config)#no crypto map 7 set security-association lifetime kilobytes 4608000
ASA(config)#no crypto map 7 set inheritance rule
ASA(config)#no crypto map 7 set phase1-mode main
If you remove a crypto map from an interface, it definitely brings down any IPsec tunnels
associated with that crypto map; you will then need to apply the crypto map back to the interface.
HTH
Regards MJ