03-14-2008 03:34 AM
Hi,
Probably it's me being stupid and there's a very simple explanation, but everytime I enter the following:
crypto map testmap 10 ipsec-isakmp
it accepts it fine but then when I sh run it it not in the config! I can't see how to sh crypto map in this version (PIX 7.06) but I think it's marked as incomplete. In any case the PIX doesn't see any interesting traffic and no tunnel is even attempted to be built.
Anyone come across this before? I'm not used to this PIX version so maybe I'm missing something.
Thanks,
J
p.s. also meant to say that the rest of the crypto map entries go in fine, and that I did a test VPN yesterday which worked.
03-14-2008 04:53 PM
'crypto map testmap 10 ipsec-isakmp' is incomplete command. PIX software should spit out an error saying incomplete command. If it doesn't then it has to be caveat in that version and that's the reason why you don't see that in the running configuration.
pixfirewall(config)# crypto map testmap 10 ipsec-isakmp ?
configure mode commands/options:
dynamic Entry is a dynamic map
pixfirewall(config)# crypto map testmap 10 ipsec-isakmp
ERROR: % Incomplete command
pixfirewall(config)# crypto map testmap 10 ?
configure mode commands/options:
ipsec-isakmp IPSec w/ISAKMP
match Match address of packets to encrypt
set Specify crypto map settings
pixfirewall(config)# crypto map testmap 10 set peer 10.1.1.2
pixfirewall(config)# show run crypto
crypto map testmap 10 set peer 10.1.1.2
HTH
Sundar
03-17-2008 07:52 AM
Thank you for your response Sundar. Actually I realised that this entry was not required like it was in older versions. I had a problem elsewhere in my config, which is why the tunnel was not coming up.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: