10-30-2009 10:32 AM
Hi, I created 1 Site to Site tunnel but 1 of the already created Tunnel has broken up.
before creating the tunnel
crypto map VPN 95 ipsec-isakmp
! Incomplete
after creating the tunnel
crypto map VPN 60 ipsec-isakmp
! Incomplete
crypto map VPN 95 ipsec-isakmp
! Incomplete
I dont know the reason, why it happened and whether above 2 lines are responsible or not.
Please suggest.
I found this 1 in Cisco:::
Every static crypto map must define an access list and an IPsec peer. If either is missing, the crypto map is incomplete and the security appliance drops any traffic that it has not already matched to an earlier, complete crypto map. Use the show conf command to ensure that every crypto map is complete. To fix an incomplete crypto map, remove the crypto map, add the missing entries, and reapply it.
We discourage the use of the any keyword to specify source or destination addresses in crypto access lists because they cause problems. We strongly discourage the permit any any command statement because it does the following:
â¢Protects all outbound traffic, including all protected traffic sent to the peer specified in the corresponding crypto map.
â¢Requires protection for all inbound traffic.
I created this accesslist too:-
access-list incoming permit ip host 27.24.29.18 any
what may be the reason that othet tunnel went off.
please tell me the troubleshooting steps too(Without using Debug commands)
Thanks
10-30-2009 10:52 AM
Here's an excellent VPN troubleshooting guide-
http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00807e0aca.shtml
10-30-2009 11:35 AM
my solution is not there
10-30-2009 12:16 PM
Each static crypto map entry should have a peer IP Address as well as an access-list that defines interesting traffic.
Removing an access-list that was referenced in a crypto map will cause an incomplete crypto map.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide