:If I want to get the crypto map attached to the access-list "Oslo_VPN",
:how do I parse it? 150k of text is too much, using | grep is not reliable
:really...
You've been discussing the PIX 501, which cannot have a DMZ interface. You could in theory attach a VPN to the PIX 501 inside interface, but that would be quite uncommon. Thus on the 501 there is likely to only -be- one crypto map, and you could see it by
show run | grep crypto map
If you do happen to have multiple maps and you want to find the one that mentions a particular ACL such as Oslo_VPN then you can
show run | grep match address Oslo\_VPN
Notice the '\' before the '_' . Alternately, replace each '_' with a '.' :
show run | grep match address Oslo.VPN
:==> Second question.
:Let's say I have 15 remote sites talking ipsec vpn to my paire.
You cannot have all of those simultaneously active on a PIX 501: the limit is 10 IKE peers for that 501.
:I need to kill the SA from one of those. So,
:ha-pix#clear crypto sa
:will kill any Phase 1 being established. But, this is applied to all of
:those!!! How do I reset a phase 1 for a specific VPN and not for all?
In configuration mode, clear crypto sa peer 13.13.13.13
:==> Third and last question
:pix-ha#debug crypto isakmp
:I need to debug a specific isakmp association, not all of them! How do I
:choose a specific VPN and not all of them?
There is no way to do that in PIX 6.3.
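
For a configuration too large to read on the console, the lookup can also be done offline against a saved copy of `show run`. The following is an added example, not part of the original post: it finds the crypto map entry whose `match address` is exactly the given ACL and returns its peer, which is the address `clear crypto sa peer` takes. The sample configuration, the map name `remote`, the second ACL and the peer 14.14.14.14 are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of PIX 6.3 "show run" output (not from the original post).
# OsloXVPN is included to show that an exact comparison keeps it apart from Oslo_VPN.
SAMPLE_CONFIG = """\
access-list Oslo_VPN permit ip 10.1.0.0 255.255.0.0 10.20.0.0 255.255.0.0
access-list OsloXVPN permit ip 10.1.0.0 255.255.0.0 10.30.0.0 255.255.0.0
crypto ipsec transform-set strong esp-3des esp-sha-hmac
crypto map remote 10 ipsec-isakmp
crypto map remote 10 match address Oslo_VPN
crypto map remote 10 set peer 13.13.13.13
crypto map remote 10 set transform-set strong
crypto map remote 20 ipsec-isakmp
crypto map remote 20 match address OsloXVPN
crypto map remote 20 set peer 14.14.14.14
crypto map remote 20 set transform-set strong
crypto map remote interface outside
"""

ENTRY_RE = re.compile(r"^crypto map (\S+) (\d+) (.+)$")
BIND_RE = re.compile(r"^crypto map (\S+) interface (\S+)$")


def find_crypto_map(config, acl):
    """Return the crypto map entries whose 'match address' is exactly `acl`."""
    entries = defaultdict(list)  # (map name, sequence number) -> settings
    interfaces = {}              # map name -> interface it is bound to
    for raw in config.splitlines():
        line = raw.strip()
        bind = BIND_RE.match(line)
        entry = ENTRY_RE.match(line)
        if bind:
            interfaces[bind.group(1)] = bind.group(2)
        elif entry:
            entries[(entry.group(1), int(entry.group(2)))].append(entry.group(3))
    found = []
    for (name, seq), settings in sorted(entries.items()):
        if "match address " + acl in settings:
            peers = [s.split()[2] for s in settings if s.startswith("set peer ")]
            found.append({"map": name, "seq": seq, "peers": peers,
                          "interface": interfaces.get(name)})
    return found


if __name__ == "__main__":
    for hit in find_crypto_map(SAMPLE_CONFIG, "Oslo_VPN"):
        print(hit)
```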