cisco PIX 501 crypto map error "WARNING: This crypto map is incomplete"

Posted on 2008-11-06
Medium Priority
Last Modified: 2012-08-13
I wish to add a second VPN  tunnel, however when I issue the second crypto map settings the pix returns the following error:
 "WARNING: This crypto map is incomplete. To remedy the situation add a peer and a valid access-list to this crypto map".
 Note I have separate ACL lists for crypto maps and no-nat as I am aware of the issue regarding viewing and editing in the PDM software while using one access-list.
I have also tried issuing the following command to suspend the current tunnels while configuring "no crypto map transam interface outside", however to no avail.

Please can someone advise the correct way to issue multiple crypto maps?
Question by:The-Chief
  • 3
  • 2
LVL 43

Accepted Solution

JFrederick29 earned 300 total points
ID: 22895962
Add an additional sequence number to the existing crypto map.  You can only assign one crypto map to an interface.  You will always get that message when you are adding a crypto map based on the nature of applying the commands.

For example:

crypto map transam 100 match address 100
crypto map transam 100 set peer x.x.x.x
crypto map transam 100 set transform-set esp-3des-sha

crypto map transam 200 match address 200
crypto map transam 200 set peer y.y.y.y
crypto map transam 200 set transform-set esp-3des-sha

Author Comment

ID: 22896501
Have tried that already, and everything looks ok after "show run" command.

However whenever I add a new crypto map and view the settings in the PDM gui under IPsec Rules, it reads (Null Rule) after the ip address.

Is this a bug with the PDM software?

Also as previously stated by JFrederick29: can the initial CLI warning message be ignored when adding additional crypto maps?
LVL 43

Expert Comment

ID: 22897090
Can you post the crypto map running-configuration?  Not to my knowledge that it can be ignored.

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.


Assisted Solution

ricks_v earned 300 total points
ID: 22947365
looks like you have not mentioned peer internet address on the config:
crypto map transam 100 set peer (x.x.x.x ) --> double check this
for acl issue, you can try this command
sysopt connection permit-ipsec   (to bypass acl for all ipsec traffic)

Author Comment

ID: 22949694
Looks like there is a underlying problem with the settings for the second tunnel. .
I can t connect over the second tunnel on its own.
I ll have to sort this out first before attempting to connect 2 tunnels at once.

Author Closing Comment

ID: 31513863
Thanks guys.
However I have a problem with the second tunnel settings so will have to sort that out first before attempting multiple ones.

Featured Post

A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For months I had no idea how to 'discover' the IP address of the other end of a link (without asking someone who knows), and it drove me batty. Think about it. You can't use Cisco Discovery Protocol (CDP) because it's not implemented on the ASAs.…
This article explains the fundamentals of industrial networking which ultimately is the backbone network which is providing communications for process devices like robots and other not so interesting stuff.
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Suggested Courses
Course of the Month14 days, 13 hours left to enroll

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question