Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Pix 8.0(4) "crypto map xxx 10 ipsec-isakmp <return>" no longer available

Pix version 8.0(4)

When configuring VPN on the Pix, I notice that the command "crypto map xxx 10 ipsec-isakmp <return>" is no longer available:

CiscoPix(config)# crypto map vpn 10 ipsec-isakmp ?

configure mode commands/options:
  dynamic  Entry is a dynamic map
CiscoPix(config)#

When did Cisco remove this command from the Pix configuration?

3 REPLIES
Cisco Employee

Re: Pix 8.0(4) "crypto map xxx 10 ipsec-isakmp <return>" no long

Hi,


The command was last available in PIX 6.3:

http://www.cisco.com/en/US/docs/security/pix/pix63/command/reference/c.html#wp1034654

The command was changed to:

crypto map XX set ...

Just like.

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/c5.html#wp2193237

The change appeared from 6.3 to 7.0.

Marcin

New Member

Re: Pix 8.0(4) "crypto map xxx 10 ipsec-isakmp <return>" no long

Please be sure to do some research before making some statements like that.  I just reload my Pix with version 7.0.(4) and how do you explain this:

CiscoPix(config)# sh ver

Cisco PIX Security Appliance Software Version 7.0(4)

Compiled on Thu 13-Oct-05 21:43 by builders
System image file is "Unknown, monitor mode tftp booted image"
Config file at boot was "startup-config"

CiscoPix up 2 mins 56 secs

Hardware:   PIX-515E, 64 MB RAM, CPU Pentium II 433 MHz
Flash E28F128J3 @ 0xfff00000, 16MB
BIOS Flash AM29F400B @ 0xfffd8000, 32KB

0: Ext: Ethernet0           : address is 000d.28b1.a580, irq 10
1: Ext: Ethernet1           : address is 000d.28b1.a581, irq 11
2: Ext: Ethernet2           : address is 0005.5d18.ad00, irq 11
3: Ext: Ethernet3           : address is 0005.5d18.ad01, irq 10
4: Ext: Ethernet4           : address is 0005.5d18.ad02, irq 9
5: Ext: Ethernet5           : address is 0005.5d18.ad03, irq 5

Licensed features for this platform:
Maximum Physical Interfaces : 6
Maximum VLANs               : 25
Inside Hosts                : Unlimited
Failover                    : Active/Active
VPN-DES                     : Enabled
VPN-3DES-AES                : Enabled
Cut-through Proxy           : Enabled
Guards                      : Enabled
URL Filtering               : Enabled
Security Contexts           : 2
GTP/GPRS                    : Disabled
VPN Peers                   : Unlimited

This platform has an Unrestricted (UR) license.

Serial Number: xxxxxxx
Running Activation Key:xxx  xxxx xxxx  xxxx xxxx
Configuration last modified by enable_15 at 00:03:14.703 UTC Fri Jan 1 1993
CiscoPix(config)#

CiscoPix(config)# crypto map vpn 10 ipsec-isakmp  ?

configure mode commands/options:
  dynamic  Entry is a dynamic map
 
CiscoPix(config)#

Cisco Employee

Re: Pix 8.0(4) "crypto map xxx 10 ipsec-isakmp <return>" no long

cciesec2011 wrote:

Please be sure to do some research before making some statements like that.  I just reload my Pix with version 7.0.(4) and how do you explain this:

CiscoPix(config)# sh ver

Cisco PIX Security Appliance Software Version 7.0(4)


CiscoPix(config)# crypto map vpn 10 ipsec-isakmp  ?

configure mode commands/options:
  dynamic  Entry is a dynamic map
 
CiscoPix(config)#

I have one explanation.

Migration from PIX 6.3 to 7.0.

If you look into command reference for PIX 7.0 command does not appear

http://www.cisco.com/en/US/docs/security/asa/asa70/command/reference/c.html

The parser retains old syntax so old-style synax can be migrated ....

And please be aware that I'm not making "statments" of any kind, I'm trying to help out, if you don't need my insight I will try to remember about it.

1149
Views
0
Helpful
3
Replies