strange crypto map config problem

jigsaw2026 · ‎03-14-2008

Hi,

Probably it's me being stupid and there's a very simple explanation, but everytime I enter the following:

crypto map testmap 10 ipsec-isakmp

it accepts it fine but then when I sh run it it not in the config! I can't see how to sh crypto map in this version (PIX 7.06) but I think it's marked as incomplete. In any case the PIX doesn't see any interesting traffic and no tunnel is even attempted to be built.

Anyone come across this before? I'm not used to this PIX version so maybe I'm missing something.

Thanks,

J

p.s. also meant to say that the rest of the crypto map entries go in fine, and that I did a test VPN yesterday which worked.

sundar.palaniappan · ‎03-14-2008

'crypto map testmap 10 ipsec-isakmp' is incomplete command. PIX software should spit out an error saying incomplete command. If it doesn't then it has to be caveat in that version and that's the reason why you don't see that in the running configuration.

pixfirewall(config)# crypto map testmap 10 ipsec-isakmp ?

configure mode commands/options:

dynamic Entry is a dynamic map

pixfirewall(config)# crypto map testmap 10 ipsec-isakmp

ERROR: % Incomplete command

pixfirewall(config)# crypto map testmap 10 ?

configure mode commands/options:

ipsec-isakmp IPSec w/ISAKMP

match Match address of packets to encrypt

set Specify crypto map settings

pixfirewall(config)# crypto map testmap 10 set peer 10.1.1.2

pixfirewall(config)# show run crypto

crypto map testmap 10 set peer 10.1.1.2

HTH

Sundar

jigsaw2026 · ‎03-17-2008

Thank you for your response Sundar. Actually I realised that this entry was not required like it was in older versions. I had a problem elsewhere in my config, which is why the tunnel was not coming up.