Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Cannot establish a LAN-to-LAN VPN tunnel to a PIX/ASA Firewall due to a invalid local address


To resolve this issue, you can reload the PIX/ASA Firewall or perform the indicated steps. The commands you enter may differ from the ones shown, depending on your PIX configuration:

  1. Unapply the crypto map from the interface by issuing the no crypto map mymap interface outside command.  
  2. Disable Internet Security Association and Key Management Protocol (ISAKMP), by issuing the no isakmp enable outside command.  
  3. Clear the ISAKMP and IPSec security associations by issuing the clear crypto ipsec sa and clear crypto isakmp sa commands.  
  4. Enable ISAKMP by issuing the isakmp enable interface-name command.  
  5. Reapply the crypto map, by issuing the crypto map map-name interface interface-name command.
Version history
Revision #:
1 of 1
Last update:
‎06-22-2009 05:26 PM
Updated by:
Labels (1)