Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

unknown config lines


rebuilding a pix and wondering what the following are in reference to and if I need them anymore. i have suspicions that they are related to a previous install of vpn but if someone could let me know if i can remove them it would help clean up a lot.


sysopt connection permit-ipsec

no sysopt route dnat

crypto ipsec transform-set vpnset esp-des esp-md5-hmac

crypto dynamic-map vpnmap 10 set transform-set vpnset

crypto map vpnmap 10 ipsec-isakmp dynamic vpnmap

crypto map vpnmap client configuration address initiate

crypto map vpnmap client configuration address respond

crypto map vpnmap interface outside

isakmp enable outside

isakmp key ******** address netmask

isakmp identity address

isakmp client configuration address-pool local vpnpool outside

isakmp policy 10 authentication pre-share

isakmp policy 10 encryption des

isakmp policy 10 hash md5

isakmp policy 10 group 1

isakmp policy 10 lifetime 86400

vpngroup intercept address-pool vpnpool

vpngroup intercept default-domain corporate

<--- More --->

vpngroup intercept split-tunnel 80

vpngroup intercept idle-time 1800

vpngroup intercept password ********



Re: unknown config lines


as you might have guessed, all these lines are related to vpn traffic. If you are not using vpn for the moment, you can savely remove them with these commands:

no crypto map vpnmap

no vpngroup intercept

no isakmp policy 10

no ....

Have you already added a lot of new config? Maybe it is easier to reset to pix to the factory defaults with the 'write erase' command?

Kind Regards,


CreatePlease to create content