Deleting Cisco PIX Point to Point VPN
Posted on 2006-06-29
We have just had a relationship with one of our suppliers terminate abruptly. We have an existing point to point VPN with them to one of our data servers. How can I delete the VPN or at least change the key or something in the config so the connection will fail until I can get an engineer onsite to properly delete the VPN? We have a PIX 515e and also have several other VPNs to other sites that need to remain active.
I tried to simply preface the existing config for this VPN with "no", as it worked for deleting the software initiated VPNGROUP.
no crypto map mymap 10 ipsec-isakmp
no crypto map mymap 10 match address 102
no crypto map mymap 10 set peer xxx.xxx.119.135 (actual ip was used, x's used here for privacy)
no crypto map mymap 10 set transform-set myset
no isakmp policy 10 authentication pre-share
no isakmp policy 10 encryption 3des
no isakmp policy 10 hash md5
no isakmp policy 10 group 2
no isakmp policy 10 lifetime 86400
Now the config looks like this:
crypto map mymap 10 ipsec-isakmp
isakmp policy 10 authentication rsa-sig
isakmp policy 10 encryption des
isakmp policy 10 hash sha
isakmp policy 10 group 1
isakmp policy 10 lifetime 86400
I've done a WRITE MEM, but no change. The VPN is still up, or at least I can still connect to their server.
There is also a line in the config:
isakmp key ******** address xxx.xxx.119.135 netmask 255.255.255.255 no-xauth no-
But I have not yet figured out the correct syntax to attempt to edit/delete this.