Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Crypto Map Incomplete

Hi, I created 1 Site to Site tunnel but 1 of the already created Tunnel has broken up.

before creating the tunnel

crypto map VPN 95 ipsec-isakmp

! Incomplete

after creating the tunnel

crypto map VPN 60 ipsec-isakmp

! Incomplete

crypto map VPN 95 ipsec-isakmp

! Incomplete

I dont know the reason, why it happened and whether above 2 lines are responsible or not.

Please suggest.

I found this 1 in Cisco:::

Every static crypto map must define an access list and an IPsec peer. If either is missing, the crypto map is incomplete and the security appliance drops any traffic that it has not already matched to an earlier, complete crypto map. Use the show conf command to ensure that every crypto map is complete. To fix an incomplete crypto map, remove the crypto map, add the missing entries, and reapply it.

We discourage the use of the any keyword to specify source or destination addresses in crypto access lists because they cause problems. We strongly discourage the permit any any command statement because it does the following:

•Protects all outbound traffic, including all protected traffic sent to the peer specified in the corresponding crypto map.

•Requires protection for all inbound traffic.

I created this accesslist too:-

access-list incoming permit ip host 27.24.29.18 any

what may be the reason that othet tunnel went off.

please tell me the troubleshooting steps too(Without using Debug commands)

Thanks

3 REPLIES

Re: Crypto Map Incomplete

New Member

Re: Crypto Map Incomplete

my solution is not there

Bronze

Re: Crypto Map Incomplete

Each static crypto map entry should have a peer IP Address as well as an access-list that defines interesting traffic.

Removing an access-list that was referenced in a crypto map will cause an incomplete crypto map.

8288
Views
0
Helpful
3
Replies
CreatePlease login to create content