Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

[ERR] crypto map on 501

I'm getting this error when trying to set up a second tunnel.

We have a 501 in each of 3 offices. We have a tunnel established between head office and one remote office. We are getting this problem when we try to set up a second tunnel to a second remote office.

[OK] no isakmp key *** address

[OK] isakmp key p@rkxxxxxxx address netmask no-xauth no-config-mode

[OK] isakmp policy 40 authen pre-share

[OK] isakmp policy 40 encrypt 3des

[OK] isakmp policy 40 hash md5

[OK] isakmp policy 40 group 2

[OK] isakmp enable outside

[OK] access-list inside_outbound_nat0_acl line 2 permit ip host

[OK] nat (inside) 0 access-list inside_outbound_nat0_acl

[OK] access-list outside_cryptomap_40 permit ip host

[ERR]crypto map outside_map 40 set peer

WARNING: This crypto map is incomplete.

To remedy the situation add a peer and a valid access-list to this crypto map.

[OK] crypto map outside_map 40 match address outside_cryptomap_40

[OK] crypto map outside_map 40 set transform-set ESP-DES-MD5

[OK] crypto map outside_map 40 set security-association lifetime seconds 28800 kilobytes 4608000

[OK] crypto map outside_map interface outside

[OK] sysopt connection permit-ipsec


Re: [ERR] crypto map on 501

the warning message is shown to remind you the instance 40 is not completed yet.

to further troubleshoot, would you please post the completed config with public ip masked, as well as the codes you were attempting to apply for the second vpn.

New Member

Re: [ERR] crypto map on 501

please add the following command.

crypto map outside_map 40 ipsec-isakmp

CreatePlease login to create content