Cisco Support Community

New Member

Crypto map commands lock-up PIX 525

Does anyone know why my PIX 525 locks up when I apply my crypto map commands one line at a time? I apply the following ACL first. But when I attempt to apply the first crypto map line my PIX locks and I have to reboot it... Any help would be greatly appreciated.

access-list XXXXXtunnel permit ip xx.xx.0.0 255.192.0.0 xx.xx.18.0 255.255.255.0

access-list nonat permit ip xx.xx.0.0 xx.xx.0.0 xx.xx.xx.0 255.255.255.0

access-list acl-inside permit ip xx.xx.0.0 xx.xx.0.0 xx.xx.xx.0 xx.xx.xx.0

crypto map xxx_map 157 ipsec-isakmp

crypto map xxx_map 157 match address xxx-tunnel

crypto map xxx_map 157 set peer xx.4.xx.xx

crypto map xxx_map 157 set transform-set xxx_set


Accepted Solutions
New Member

Re: Crypto map commands lock-up PIX 525

Hi,

I have come across this problem when there are other entries already existing under the same crypto map and are already applied to an interface.

I found that by negating the crypto map interface command first, modifying the config and then re-applying the interface command this would work fine.

So ...

(1) no crypto map xxx_map interface outside

(2) apply crypto map config lines

(3) crypto map xxx_map interface outside

Of course you will lose existing tunnels if some are already configured, but then this happens if you reboot anyway!

Hope it helps

5 REPLIES
Silver

Re: Crypto map commands lock-up PIX 525

Are you sure your access list is not wrong and blocking traffic?

Anonymous
N/A

Re: Crypto map commands lock-up PIX 525

The access-list is correct... No problems... I was told if you try to add crypto map lines one at a time the PIX sees that as an incomplete crypto map and secures the PIX by locking down the outside interface...

Anonymous
N/A

Re: Crypto map commands lock-up PIX 525

Awesome...That worked perfectly...Thanks

New Member

Re: Crypto map commands lock-up PIX 525

I've just managed to lock up our 525s doing exactly the same! The failover didn't work either; I had to drive to site and reboot both PIXes.

I should have checked this forum first....

Thanks for the fix.
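
An added example, not part of the thread: a pre-change check that refuses a batch whose crypto map entry lacks any of the settings the question's entry carries (the "incomplete crypto map" condition mentioned above) or whose match-address ACL is not defined, and otherwise wraps the batch in the detach and re-attach commands from the accepted solution. The function name, the `existing_acls` parameter and the sample names and addresses are assumptions made for illustration; the transform-set is assumed to exist on the device already.

```python
import re

# Settings the question's entry carries; a batch lacking one is treated as incomplete.
REQUIRED = ("match address", "set peer", "set transform-set")

# Constructed sample batch (names and addresses are placeholders, not from the thread).
SAMPLE = [
    "access-list vpn-tunnel permit ip 10.0.0.0 255.192.0.0 10.99.18.0 255.255.255.0",
    "crypto map vpn_map 157 ipsec-isakmp",
    "crypto map vpn_map 157 match address vpn-tunnel",
    "crypto map vpn_map 157 set peer 192.0.2.10",
    "crypto map vpn_map 157 set transform-set vpn_set",
]

def plan_change(lines, iface="outside", existing_acls=()):
    """Return (commands, problems); commands is empty when any problem is found."""
    lines = [l.strip() for l in lines if l.strip()]
    # existing_acls (hypothetical parameter): ACL names already present on the device.
    acls, entries, problems = set(existing_acls), {}, []
    for line in lines:
        m = re.match(r"access-list (\S+) ", line)
        if m:
            acls.add(m.group(1))
            continue
        m = re.match(r"crypto map (\S+) (\d+) (.+)", line)
        if m:
            entries.setdefault((m.group(1), int(m.group(2))), []).append(m.group(3))
    for (name, seq), parts in sorted(entries.items()):
        for req in REQUIRED:
            if not any(p.startswith(req + " ") for p in parts):
                problems.append(f"{name} {seq}: missing '{req}'")
        for p in parts:
            if p.startswith("match address ") and p.split()[2] not in acls:
                problems.append(f"{name} {seq}: ACL '{p.split()[2]}' not defined")
    if problems:
        return [], problems
    maps = sorted({name for name, _ in entries})
    # Accepted answer's order: detach from the interface, edit, then re-attach.
    detach = [f"no crypto map {m} interface {iface}" for m in maps]
    attach = [f"crypto map {m} interface {iface}" for m in maps]
    return detach + lines + attach, []

if __name__ == "__main__":
    cmds, problems = plan_change(SAMPLE)
    print("\n".join(problems or cmds))
```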
