... to keep from being locked out, you should remove the crypto map from the interface, i.e., "no crypto map interface outside".
This will kill any new crypto sessions from being initiated, and I am not sure if it also kills the current crypto sessions, but it will keep you from being locked out. If you don't do this, you will experience the problem you are having. The PIX is still functioning, and doing its job, it's just doing its job extra well now because it has no crypto definitions to run against in its process of analyzing packets coming in from the outside. Bounce the PIX (by calling someone to do it for you), and you should have your access restored.

-Mark

-----Original Message-----
From: Leo Song [mailto:lsong@;dataphile.ca]
Sent: Friday, October 25, 2002 11:02 PM
To: [EMAIL PROTECTED]
Subject: Lock out by PIX [7:56342]

Hi, there.

I connected to a PIX through the Outside interface by using SSH to make some changes to the VPN tunnel. First of all I removed the "crypto map xxx match address xxx" in order to change that ACL, but just after that I was locked out and lost the connection to that PIX, and now I can't even ping that PIX, while I could do so before. My concerns and questions are:

1. Is that PIX still working "properly", say the users could get access Outside from Inside, and it just locks SSH out or any access from Outside?
2. What are the generally suggested methods or steps when dealing with ACL or Tunnel changes on a PIX, in order to avoid being locked out?
3. Is there any remedy solution at present (and I don't have physical access to that PIX right now)?

Appreciate all of your help.

Leo

Best Regards.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=56343&t=56342