j_crow1
asked on
How to remove Site to site VPN - Cisco PIX
We have shut down 2 of our sites and I would like to take the site-to-site information out of the cisco pix. The following config is just the cryptomap and isakmp parts. Thanks.
sysopt connection tcpmss 1200
sysopt connection permit-ipsec
sysopt connection permit-pptp
crypto ipsec transform-set myset esp-des esp-md5-hmac
crypto map Example 20 ipsec-isakmp
crypto map Example 20 match address 120
crypto map Example 20 set peer IP ADDRESS 1
crypto map Example 20 set transform-set myset
crypto map Example 21 ipsec-isakmp
crypto map Example 21 match address 121
crypto map Example 21 set peer IP ADDRESS 2
crypto map Example 21 set transform-set myset
crypto map Example 22 ipsec-isakmp
crypto map Example 22 match address 122
crypto map Example 22 set peer IP ADDRESS 3
crypto map Example 22 set transform-set myset
crypto map Example 30 ipsec-isakmp
crypto map Example 30 match address 130
crypto map Example 30 set peer IP ADDRESS 4
crypto map Example 30 set transform-set myset
crypto map Example 31 ipsec-isakmp
crypto map Example 31 match address 131
crypto map Example 31 set peer IP ADDRESS 5
crypto map Example 31 set transform-set myset
crypto map Example 32 ipsec-isakmp
crypto map Example 32 match address 132
crypto map Example 32 set peer IP ADDRESS 6
crypto map Example 32 set transform-set myset
crypto map Example interface outside
isakmp enable outside
isakmp key ******** address IP ADDRESS 1 netmask 255.255.255.255
isakmp key ******** address IP ADDRESS 2 netmask 255.255.255.255
isakmp key ******** address IP ADDRESS 3 netmask 255.255.255.255
isakmp key ******** address IP ADDRESS 4 netmask 255.255.255.255
isakmp key ******** address IP ADDRESS 5 netmask 255.255.255.255
isakmp key ******** address IP ADDRESS 6 netmask 255.255.255.255
isakmp identity address
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption des
isakmp policy 1 hash md5
isakmp policy 1 group 1
isakmp policy 1 lifetime 86400
ASKER
I dont want to delete all of them, just those 2 that arent in use anymore - I am running version 6.3
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
ccs:
I get type help or '?' for a list of available commands.
I get type help or '?' for a list of available commands.
you have to be in configuration mode for the PIX to accept the command. After you login, type
conf t
then enter the no variants of the commands.
conf t
then enter the no variants of the commands.
ASKER
Thanks for the help!
Wht version are you running?
Can you try clear crypto isakmp sa and then rebooting?
TB