PIX to ASA crypto incomplete command

Hi Expert,

I need to enable an old VPN connection with a 3rd party..  we didn't recreate the VPN when we moved from the PIX 515e to our ASA5505..  (IOS 8.1)

Here the command that cause problem.  That command was working on the PIX…

crypto map pixmap 10 ipsec-isakmp ( incomplete command )
crypto map pixmap 10 match address MatchTangerine (WARNING: The crypto map entry is incomplete!)
crypto map pixmap 10 set peer 207.236.158.200 (WARNING: The crypto map entry is incomplete!)
crypto ipsec transform-set VPNAS400set esp-3des esp-sha-hmac
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 28800
isakmp key ******* address 207.236.158.200 netmask 255.255.255.255 no-xauth no-config-mode

I also set the access-list as before..

Any help  and any idea how can I verify the VPN connection..
C2enterpriseAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

John MeggersNetwork ArchitectCommented:
I think you're missing "crypto map pixmap 10 set transform-set VPNAS400set" and "crypto isakmp enable outside".
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
C2enterpriseAuthor Commented:
Hi Jmeggers,
 that one wasn't there...  thanks... crypto map pixmap 10 set transform-set VPNAS400set
The other was already there.

When i try the crypto map pixmap 10 ipsec-isakmp  still incompleted command..  
0
C2enterpriseAuthor Commented:
when i try that command
crypto map pixmap 10 ipsec-isakmp ?
the possible anwser is dynamic
crypto map pixmap 10 ipsec-isakmp dynamic ?
word to dynamic map..

what thats mean?
0
Choose an Exciting Career in Cybersecurity

Help prevent cyber-threats and provide solutions to safeguard our global digital economy. Earn your MS in Cybersecurity. WGU’s MSCSIA degree program was designed in collaboration with national intelligence organizations and IT industry leaders.

shubhanshu_jaiswalCommented:
The below command is not required in ASA..
crypto map pixmap 10 ipsec-isakmp
0
C2enterpriseAuthor Commented:
Hello,

and what should replace or complete these 2?
crypto map pixmap 10 match address MatchTangerine (WARNING: The crypto map entry is incomplete!)
crypto map pixmap 10 set peer 207.236.158.200 (WARNING: The crypto map entry is incomplete!)
0
C2enterpriseAuthor Commented:
After i add this one crypto map pixmap 10 set transform-set VPNAS400set
the others didn't give me any error..  

how can i look if my VPN is active?
0
shubhanshu_jaiswalCommented:
show crypto isakmp sa
show crypto ipsec sa

post the output of above commands..
0
Ernie BeekExpertCommented:
Those warnings are default when setting up the crypto map statements. Because you haven't given all the commands for a complete setup allready it warns you (duh).
I've been fooled by that a couple of times as well.

When you try to connect to any machine through the tunnel, it should show in the ASDM log.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Cisco

From novice to tech pro — start learning today.