cisco PIX 501 crypto map error "WARNING: This crypto map is incomplete"

I wish to add a second VPN  tunnel, however when I issue the second crypto map settings the pix returns the following error:
 "WARNING: This crypto map is incomplete. To remedy the situation add a peer and a valid access-list to this crypto map".
 Note I have separate ACL lists for crypto maps and no-nat as I am aware of the issue regarding viewing and editing in the PDM software while using one access-list.
I have also tried issuing the following command to suspend the current tunnels while configuring "no crypto map transam interface outside", however to no avail.

Please can someone advise the correct way to issue multiple crypto maps?
The-ChiefAsked:
Who is Participating?
 
JFrederick29Commented:
Add an additional sequence number to the existing crypto map.  You can only assign one crypto map to an interface.  You will always get that message when you are adding a crypto map based on the nature of applying the commands.

For example:

crypto map transam 100 match address 100
crypto map transam 100 set peer x.x.x.x
crypto map transam 100 set transform-set esp-3des-sha

crypto map transam 200 match address 200
crypto map transam 200 set peer y.y.y.y
crypto map transam 200 set transform-set esp-3des-sha
0
 
The-ChiefAuthor Commented:
Have tried that already, and everything looks ok after "show run" command.

However whenever I add a new crypto map and view the settings in the PDM gui under IPsec Rules, it reads (Null Rule) after the ip address.

Is this a bug with the PDM software?

Also as previously stated by JFrederick29: can the initial CLI warning message be ignored when adding additional crypto maps?
0
 
JFrederick29Commented:
Can you post the crypto map running-configuration?  Not to my knowledge that it can be ignored.
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

 
ricks_vCommented:
looks like you have not mentioned peer internet address on the config:
crypto map transam 100 set peer (x.x.x.x ) --> double check this
for acl issue, you can try this command
sysopt connection permit-ipsec   (to bypass acl for all ipsec traffic)
0
 
The-ChiefAuthor Commented:
Looks like there is a underlying problem with the settings for the second tunnel. .
I can t connect over the second tunnel on its own.
I ll have to sort this out first before attempting to connect 2 tunnels at once.
Thanks
0
 
The-ChiefAuthor Commented:
Thanks guys.
However I have a problem with the second tunnel settings so will have to sort that out first before attempting multiple ones.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.