Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

need to remove a lan-to-lan vpn on pix 515e

Posted on 2006-07-11
6
450 Views
Last Modified: 2010-03-19
I need to remove (1) lan-to-lan vpn from a pix 515e with multible lan-to-lan vpns configured.
0
Comment
Question by:tebone68
  • 3
  • 2
6 Comments
 
LVL 12

Expert Comment

by:Scotty_cisco
ID: 17087180
can you post a limited show run so we can tell you what ACL and Crypto map to remove?

Thanks
Scott
0
 
LVL 4

Expert Comment

by:johanvz1
ID: 17088762
Hi,

Easiest way is to login on the Web GUI Interface click on VPN or PPTP or what type of vpn is it will show you what you have click on it and delete the rule.However make sure the computer you want to open the firewall from has access to it via reserved IP address or MAC that is the easiest especially if you do not really have experience on firewalls.

Regards,

Johan
0
 

Author Comment

by:tebone68
ID: 17091978
I have never used the GUI for a pix. I was under the impression that you had to do a clear isakmp key and then put the remaining sites back in with the pre-shared keys that are associated with them? The problem is the client doesn't have the keys. I have heard if I do a write net the keys will show up in clear text?
0
Portable, direct connect server access

The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

 
LVL 12

Expert Comment

by:Scotty_cisco
ID: 17092352
not sure on the write net part of the question but I do know that the isakmp key if you changed that on all the sites and then reconfigured it locally to a new key that the one site would be dropped.  I would still delete the rules if you can a partial show run would help explain this.

Thanks
Scott
0
 

Author Comment

by:tebone68
ID: 17092395
I'm not onsite right now so I can't get that show run for you. It would have been nice if Cisco would have allowed a "no isakmp key" command to get ride of connections an easy way.

0
 
LVL 12

Accepted Solution

by:
Scotty_cisco earned 250 total points
ID: 17092423
yes it would .... think that will be an option in the new 7.x code.

Thanks
Scott
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
For months I had no idea how to 'discover' the IP address of the other end of a link (without asking someone who knows), and it drove me batty. Think about it. You can't use Cisco Discovery Protocol (CDP) because it's not implemented on the ASAs.…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question