Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Removing lines from PIX 515 config

I'm trying to cleanup the config on a PIX 515. I am trying to remove the following lines:

crypto map dyn-map 20 ipsec-isakmp dynamic cisco

isakmp identity hostname

isakmp policy 1 authentication rsa-sig

isakmp policy 1 encryption des

isakmp policy 1 hash sha

isakmp policy 1 group 1

isakmp policy 1 lifetime 86400

vpngroup unityclient idle-time 1800

I do a "no the line to remove" and a wr me.

When I check out the config file they are back. How do I get rid of the lines?

Also, would this be the reason that some users are not able to use VNC after they VPN into the network.


  • Other Security Subjects

Re: Removing lines from PIX 515 config

Those lines are all part of a vpn configuration. Are you sure that they are not required by your configuration?

This most likely does not have anything to do with user's ability to use VNC through a VPN connection. Do they have trouble with any other protocols? Can they ping the machines they wish to VNC to through the vpn?


New Member

Re: Removing lines from PIX 515 config

those are all the "default" parameters in the IKE phase 1 from a pix perspective. just like many times in other cisco gear, i don't believe...i could be wrong, that you can get rid of these.

New Member

Re: Removing lines from PIX 515 config

actually, i just proved myself wrong. do a : no isakmp policy 1

and see if that works. that should take it away.

New Member

Re: Removing lines from PIX 515 config


Re: Removing lines from PIX 515 config


no isakmp policy 1

should remove the lines.

Kind Regards,


This widget could not be displayed.