Tuesday 23 July 2013

WARNING: The crypto map entry is incomplete!

I've often prepared my crypto maps in advance and then pasted them in. An error that has thrown me in the past is "WARNING: The crypto map entry is incomplete!". At the time I was working with some old PIX firewalls where I was never sure if the firewall was actually going to do what it was told. Here is an example:

V1FWCL01(config)# crypto map S2S 190 match address CUSTOMER_ACL
WARNING: The crypto map entry is incomplete!
V1FWCL01(config)# crypto map S2S 190 set pfs group2
WARNING: The crypto map entry is incomplete!
V1FWCL01(config)# crypto map S2S 190 set peer  xx.xx.xx.xx xxx.xxx.xxx.xxx
WARNING: The crypto map entry is incomplete!
V1FWCL01(config)# crypto map S2S 190 set transform-set ESP-AES-128-SHA
V1FWCL01(config)# crypto map S2S 190 set security-association lifetime seconds 3600
V1FWCL01(config)# crypto map S2S 190 set security-association lifetime kilobytes 4608000

You will get this warning until the crypto map entry has the 3 things it needs:
  • The ACL
  • The peer address
  • The transform set
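
Since the entries are prepared in advance, the same three-item check can be run on the text before it is pasted. The following is an added example, not part of the original post or any Cisco tooling: the function name and the sample config are constructed, and accepting the `set ikev1 transform-set` spelling is an assumption about newer ASA releases.

```python
import re
from collections import defaultdict

# The three settings the post lists as required for a complete entry.
REQUIRED = ("match address", "set peer", "set transform-set")

# Optional CLI prompt, then: crypto map <name> <seq> <rest>
LINE_RE = re.compile(r"^(?:\S+\(config\)#\s*)?crypto map (\S+) (\d+) (.+)$")

def missing_settings(config_text):
    """Return {(map_name, seq): [missing required settings]} for incomplete entries."""
    seen = defaultdict(set)
    for raw in config_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # WARNING lines, blanks, unrelated commands
        name, seq = m.group(1), int(m.group(2))
        # Collapse repeated spaces so "set peer  x" still matches.
        rest = " ".join(m.group(3).split())
        # Assumption: newer ASA releases spell it "set ikev1 transform-set".
        rest = re.sub(r"^set ikev1 transform-set\b", "set transform-set", rest)
        seen[(name, seq)]  # register the entry even if nothing required is set
        for req in REQUIRED:
            if rest.startswith(req + " "):
                seen[(name, seq)].add(req)
    return {key: [r for r in REQUIRED if r not in found]
            for key, found in sorted(seen.items()) if len(found) < len(REQUIRED)}

# Constructed sample: entry 190 mirrors the post, entry 200 lacks a peer.
SAMPLE = """\
crypto map S2S 190 match address CUSTOMER_ACL
crypto map S2S 190 set pfs group2
crypto map S2S 190 set peer 192.0.2.10 192.0.2.11
crypto map S2S 190 set transform-set ESP-AES-128-SHA
crypto map S2S 200 match address OTHER_ACL
crypto map S2S 200 set transform-set ESP-AES-128-SHA
crypto map S2S 200 set security-association lifetime seconds 3600
"""

if __name__ == "__main__":
    for (name, seq), missing in missing_settings(SAMPLE).items():
        print(f"crypto map {name} {seq} incomplete, missing: {', '.join(missing)}")
```

An entry that is still reported as incomplete after the whole block has been pasted is worth fixing before the map is relied on for the tunnel.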
