strange crypto map config problem

Unanswered Question
Mar 14th, 2008
User Badges:

Hi,


Probably it's me being stupid and there's a very simple explanation, but everytime I enter the following:


crypto map testmap 10 ipsec-isakmp


it accepts it fine but then when I sh run it it not in the config! I can't see how to sh crypto map in this version (PIX 7.06) but I think it's marked as incomplete. In any case the PIX doesn't see any interesting traffic and no tunnel is even attempted to be built.


Anyone come across this before? I'm not used to this PIX version so maybe I'm missing something.


Thanks,

J


p.s. also meant to say that the rest of the crypto map entries go in fine, and that I did a test VPN yesterday which worked.



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
Loading.
sundar.palaniappan Fri, 03/14/2008 - 16:53
User Badges:
  • Green, 3000 points or more

'crypto map testmap 10 ipsec-isakmp' is incomplete command. PIX software should spit out an error saying incomplete command. If it doesn't then it has to be caveat in that version and that's the reason why you don't see that in the running configuration.



pixfirewall(config)# crypto map testmap 10 ipsec-isakmp ?


configure mode commands/options:

dynamic Entry is a dynamic map

pixfirewall(config)# crypto map testmap 10 ipsec-isakmp

ERROR: % Incomplete command


pixfirewall(config)# crypto map testmap 10 ?


configure mode commands/options:

ipsec-isakmp IPSec w/ISAKMP

match Match address of packets to encrypt

set Specify crypto map settings

pixfirewall(config)# crypto map testmap 10 set peer 10.1.1.2

pixfirewall(config)# show run crypto

crypto map testmap 10 set peer 10.1.1.2


HTH


Sundar


jigsaw2026 Mon, 03/17/2008 - 07:52
User Badges:

Thank you for your response Sundar. Actually I realised that this entry was not required like it was in older versions. I had a problem elsewhere in my config, which is why the tunnel was not coming up.

Actions

This Discussion