• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1907
  • Last Modified:

PIX to ASA crypto incomplete command

Hi Expert,

I need to enable an old VPN connection with a 3rd party..  we didn't recreate the VPN when we moved from the PIX 515e to our ASA5505..  (IOS 8.1)

Here the command that cause problem.  That command was working on the PIX…

crypto map pixmap 10 ipsec-isakmp ( incomplete command )
crypto map pixmap 10 match address MatchTangerine (WARNING: The crypto map entry is incomplete!)
crypto map pixmap 10 set peer 207.236.158.200 (WARNING: The crypto map entry is incomplete!)
crypto ipsec transform-set VPNAS400set esp-3des esp-sha-hmac
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 28800
isakmp key ******* address 207.236.158.200 netmask 255.255.255.255 no-xauth no-config-mode

I also set the access-list as before..

Any help  and any idea how can I verify the VPN connection..
0
C2enterprise
Asked:
C2enterprise
3 Solutions
 
John MeggersNetwork ArchitectCommented:
I think you're missing "crypto map pixmap 10 set transform-set VPNAS400set" and "crypto isakmp enable outside".
0
 
C2enterpriseAuthor Commented:
Hi Jmeggers,
 that one wasn't there...  thanks... crypto map pixmap 10 set transform-set VPNAS400set
The other was already there.

When i try the crypto map pixmap 10 ipsec-isakmp  still incompleted command..  
0
 
C2enterpriseAuthor Commented:
when i try that command
crypto map pixmap 10 ipsec-isakmp ?
the possible anwser is dynamic
crypto map pixmap 10 ipsec-isakmp dynamic ?
word to dynamic map..

what thats mean?
0
Get Cisco Certified in IT Security

There’s a high demand for IT security experts and network administrators who can safeguard the data that individuals, corporations, and governments rely on every day. Pursue your B.S. in Network Operations and Security and gain the credentials you need for this high-growth field.

 
shubhanshu_jaiswalCommented:
The below command is not required in ASA..
crypto map pixmap 10 ipsec-isakmp
0
 
C2enterpriseAuthor Commented:
Hello,

and what should replace or complete these 2?
crypto map pixmap 10 match address MatchTangerine (WARNING: The crypto map entry is incomplete!)
crypto map pixmap 10 set peer 207.236.158.200 (WARNING: The crypto map entry is incomplete!)
0
 
C2enterpriseAuthor Commented:
After i add this one crypto map pixmap 10 set transform-set VPNAS400set
the others didn't give me any error..  

how can i look if my VPN is active?
0
 
shubhanshu_jaiswalCommented:
show crypto isakmp sa
show crypto ipsec sa

post the output of above commands..
0
 
Ernie BeekExpertCommented:
Those warnings are default when setting up the crypto map statements. Because you haven't given all the commands for a complete setup allready it warns you (duh).
I've been fooled by that a couple of times as well.

When you try to connect to any machine through the tunnel, it should show in the ASDM log.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now