Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

VPN setup command query?

Hi,

I've noticed two set of commands on my asa 5520:

One states: "isakmp policy"

and the other states: "crypto isakmp policy"

Can someone please explain why there are two sets and what the difference is, and when would you use one over the other?

Thanks

Dan

2 ACCEPTED SOLUTIONS

Accepted Solutions
Hall of Fame Super Blue

Re: VPN setup command query?

Dan

They do the same thing. The isakmp policy commands have been replaced with the crypto isakmp policy commands -

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/c5.html#wp2191760

Jon

Re: VPN setup command query?

Dan-

There is no difference between the two.

ASA1(config)# isakmp ?

configure mode commands/options:

am-disable Disable inbound aggressive mode connections

client Set client configuration policy (DEPRECATED - see 'help

isakmp')

disconnect-notify Enable disconnect notification to peers

enable Enable ISAKMP on the specified interface

identity Set identity type (address, hostname or key-id)

ipsec-over-tcp Enable and configure IPSec over TCP

keepalive Set keepalive interval (DEPRECATED - see 'help isakmp')

key Set pre-shared key for remote peer (DEPRECATED - see 'help

isakmp')

nat-traversal Enable and configure nat-traversal

peer Set xauth and config mode exemption for the specified peer

(DEPRECATED - see 'help isakmp')

policy Set ISAKMP policy suite

reload-wait Wait for voluntary termination of existing connections

before reboot

ASA1(config)# crypto isakmp ?

configure mode commands/options:

am-disable Disable inbound aggressive mode connections

client Set client configuration policy (DEPRECATED - see 'help

isakmp')

disconnect-notify Enable disconnect notification to peers

enable Enable ISAKMP on the specified interface

identity Set identity type (address, hostname or key-id)

ipsec-over-tcp Enable and configure IPSec over TCP

keepalive Set keepalive interval (DEPRECATED - see 'help isakmp')

key Set pre-shared key for remote peer (DEPRECATED - see 'help

isakmp')

nat-traversal Enable and configure nat-traversal

peer Set xauth and config mode exemption for the specified peer

(DEPRECATED - see 'help isakmp')

policy Set ISAKMP policy suite

reload-wait Wait for voluntary termination of existing connections

before reboot

"iskamp policy" is left over from the 6.x code, I have to assume for backwards compatibility.

Hope that helps.

5 REPLIES
Hall of Fame Super Blue

Re: VPN setup command query?

Dan

They do the same thing. The isakmp policy commands have been replaced with the crypto isakmp policy commands -

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/c5.html#wp2191760

Jon

Re: VPN setup command query?

Dan-

There is no difference between the two.

ASA1(config)# isakmp ?

configure mode commands/options:

am-disable Disable inbound aggressive mode connections

client Set client configuration policy (DEPRECATED - see 'help

isakmp')

disconnect-notify Enable disconnect notification to peers

enable Enable ISAKMP on the specified interface

identity Set identity type (address, hostname or key-id)

ipsec-over-tcp Enable and configure IPSec over TCP

keepalive Set keepalive interval (DEPRECATED - see 'help isakmp')

key Set pre-shared key for remote peer (DEPRECATED - see 'help

isakmp')

nat-traversal Enable and configure nat-traversal

peer Set xauth and config mode exemption for the specified peer

(DEPRECATED - see 'help isakmp')

policy Set ISAKMP policy suite

reload-wait Wait for voluntary termination of existing connections

before reboot

ASA1(config)# crypto isakmp ?

configure mode commands/options:

am-disable Disable inbound aggressive mode connections

client Set client configuration policy (DEPRECATED - see 'help

isakmp')

disconnect-notify Enable disconnect notification to peers

enable Enable ISAKMP on the specified interface

identity Set identity type (address, hostname or key-id)

ipsec-over-tcp Enable and configure IPSec over TCP

keepalive Set keepalive interval (DEPRECATED - see 'help isakmp')

key Set pre-shared key for remote peer (DEPRECATED - see 'help

isakmp')

nat-traversal Enable and configure nat-traversal

peer Set xauth and config mode exemption for the specified peer

(DEPRECATED - see 'help isakmp')

policy Set ISAKMP policy suite

reload-wait Wait for voluntary termination of existing connections

before reboot

"iskamp policy" is left over from the 6.x code, I have to assume for backwards compatibility.

Hope that helps.

Re: VPN setup command query?

Sorry for the hijacking Jon, you're still quicker than I am.

Hall of Fame Super Blue

Re: VPN setup command query?

Collin

No need to apologize, i've done it to you before.

Key thing is that we both agree :-)

Jon

Re: VPN setup command query?

Im not hijacking here just commenting - the more additional info the better

472
Views
0
Helpful
5
Replies
CreatePlease to create content