C2enterprise
asked on
PIX to ASA crypto incomplete command
Hi Expert,
I need to enable an old VPN connection with a 3rd party.. we didn't recreate the VPN when we moved from the PIX 515e to our ASA5505.. (IOS 8.1)
Here the command that cause problem. That command was working on the PIX…
crypto map pixmap 10 ipsec-isakmp ( incomplete command )
crypto map pixmap 10 match address MatchTangerine (WARNING: The crypto map entry is incomplete!)
crypto map pixmap 10 set peer 207.236.158.200 (WARNING: The crypto map entry is incomplete!)
crypto ipsec transform-set VPNAS400set esp-3des esp-sha-hmac
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 28800
isakmp key ******* address 207.236.158.200 netmask 255.255.255.255 no-xauth no-config-mode
I also set the access-list as before..
Any help and any idea how can I verify the VPN connection..
I need to enable an old VPN connection with a 3rd party.. we didn't recreate the VPN when we moved from the PIX 515e to our ASA5505.. (IOS 8.1)
Here the command that cause problem. That command was working on the PIX…
crypto map pixmap 10 ipsec-isakmp ( incomplete command )
crypto map pixmap 10 match address MatchTangerine (WARNING: The crypto map entry is incomplete!)
crypto map pixmap 10 set peer 207.236.158.200 (WARNING: The crypto map entry is incomplete!)
crypto ipsec transform-set VPNAS400set esp-3des esp-sha-hmac
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 28800
isakmp key ******* address 207.236.158.200 netmask 255.255.255.255 no-xauth no-config-mode
I also set the access-list as before..
Any help and any idea how can I verify the VPN connection..
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
when i try that command
crypto map pixmap 10 ipsec-isakmp ?
the possible anwser is dynamic
crypto map pixmap 10 ipsec-isakmp dynamic ?
word to dynamic map..
what thats mean?
crypto map pixmap 10 ipsec-isakmp ?
the possible anwser is dynamic
crypto map pixmap 10 ipsec-isakmp dynamic ?
word to dynamic map..
what thats mean?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hello,
and what should replace or complete these 2?
crypto map pixmap 10 match address MatchTangerine (WARNING: The crypto map entry is incomplete!)
crypto map pixmap 10 set peer 207.236.158.200 (WARNING: The crypto map entry is incomplete!)
and what should replace or complete these 2?
crypto map pixmap 10 match address MatchTangerine (WARNING: The crypto map entry is incomplete!)
crypto map pixmap 10 set peer 207.236.158.200 (WARNING: The crypto map entry is incomplete!)
ASKER
After i add this one crypto map pixmap 10 set transform-set VPNAS400set
the others didn't give me any error..
how can i look if my VPN is active?
the others didn't give me any error..
how can i look if my VPN is active?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Those warnings are default when setting up the crypto map statements. Because you haven't given all the commands for a complete setup allready it warns you (duh).
I've been fooled by that a couple of times as well.
When you try to connect to any machine through the tunnel, it should show in the ASDM log.
I've been fooled by that a couple of times as well.
When you try to connect to any machine through the tunnel, it should show in the ASDM log.
ASKER
that one wasn't there... thanks... crypto map pixmap 10 set transform-set VPNAS400set
The other was already there.
When i try the crypto map pixmap 10 ipsec-isakmp still incompleted command..