Not really sure it matters, you'll be able to get rid of the ACL at any point. Make sure you've removed the crypto map from the interface before you do any of this, otherwise you may lock yourself out of the router. Also, the middle line should be removed just with:
> no crypto map cfmap 20
Don't put the "ipsec-isakmp" on the end of it, it'll complain IIRC.
Thanks for the reply. Just want to make sure what you're saying. I have 3 crypto maps right now and want to remove 1. If I do a "no crypto map cfmap" on e0. Will I lose connection to the router and for 2 other sites too? FYI, I have to do this remotely.
Is this the way to do it?
no crypto map cfmap
no crypto isakmp key sharedsecret address 205.206.*.*
OK, in that case, make sure you remove the crypto map instance BEFORE you remove the ACL.
Do the following:
no crypto map cfmap 20
no access-list 102
no crypto isakmp key........
The safest way to do this is to remove the crypto map off the interface first, but yes, that will bring down the other two tunnels. You always run the risk of locking yourself out of the router if you play with crypto stuff and ACL's with the map still applied to the interface and you do things in the wrong order. (I won't tell you how many times I've done it, and I like to think I know what I'm doing :-) )
OK, since I'm doing this remotely, I can't do much after removing the crypto map off the interface. So I'll have to find other ways without losing connection. I don't want to tell the person at the remote site to restart the router for the third time. He's already pissed. :((
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :