https://community.cisco.com/t5/network-security/pix-515-warning/m-p/567232#M526802 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>With every peer we need to add a crypto access list which tells the pix what all traffic needs to be send through that tunnel for that peer.</P><P></P><P>This warning comes if you define a peer and match list is not defined.</P><P></P><P>I can see that you have defined the match address after defining the peer so that is why you got that warning.</P><P></P><P>crypto map newmap 31 match address outside_cryptomap_31 </P><P></P><P>You dont need to worry,it looks fine.check the config and you should see both the set peer and match address in the crypto config.</P><P></P><P></P><P>hope this helps.</P><P></P><P>Tanveer</P></BODY></HTML> Mon, 06 Mar 2006 06:11:45 GMT thamdani 2006-03-06T06:11:45Z https://community.cisco.com/t5/network-security/pix-515-warning/m-p/567231#M526798 <P>I get this warning when setting up site to site vpn using pdm 3.0 on pix 515 ver 6.3(4)</P><P>[OK] isakmp key @############## address 66.45.80.156 netmask 255.255.255.255 no-xauth no-config-mode</P><P>[OK] pdm location 10.128.174.128 255.255.255.224 outside</P><P>[OK] pdm location 10.128.174.192 255.255.255.224 outside</P><P>[OK] access-list 100 line 3 permit ip 192.168.1.0 255.255.255.0 10.128.174.128 255.255.255.224 </P><P>[OK] access-list 100 line 4 permit ip 192.168.1.0 255.255.255.0 10.128.174.192 255.255.255.224 </P><P>[OK] nat (inside) 0 access-list 100</P><P>[OK] access-list outside_cryptomap_31 permit ip 192.168.1.0 255.255.255.0 10.128.174.128 255.255.255.224 </P><P>[OK] access-list outside_cryptomap_31 permit ip 192.168.1.0 255.255.255.0 10.128.174.192 255.255.255.224 </P><P>[ERR]crypto map newmap 31 set peer 66.45.80.156</P><P> WARNING: This crypto map is incomplete. To remedy the situation add a peer and a valid access-list to this crypto map.</P><P>[OK] crypto map newmap 31 match address outside_cryptomap_31</P><P>[OK] crypto map newmap 31 set transform-set basis</P><P>[OK] crypto map newmap 31 set security-association lifetime seconds 28800 kilobytes 4608000</P><P>[OK] crypto map newmap interface outside</P><P>[OK] sysopt connection permit-ipsec</P><P>everything looks ok when i go through the steps.</P> Fri, 21 Feb 2020 08:45:11 GMT https://community.cisco.com/t5/network-security/pix-515-warning/m-p/567231#M526798 dsdtnt1957 2020-02-21T08:45:11Z https://community.cisco.com/t5/network-security/pix-515-warning/m-p/567232#M526802 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>With every peer we need to add a crypto access list which tells the pix what all traffic needs to be send through that tunnel for that peer.</P><P></P><P>This warning comes if you define a peer and match list is not defined.</P><P></P><P>I can see that you have defined the match address after defining the peer so that is why you got that warning.</P><P></P><P>crypto map newmap 31 match address outside_cryptomap_31 </P><P></P><P>You dont need to worry,it looks fine.check the config and you should see both the set peer and match address in the crypto config.</P><P></P><P></P><P>hope this helps.</P><P></P><P>Tanveer</P></BODY></HTML> Mon, 06 Mar 2006 06:11:45 GMT https://community.cisco.com/t5/network-security/pix-515-warning/m-p/567232#M526802 thamdani 2006-03-06T06:11:45Z https://community.cisco.com/t5/network-security/pix-515-warning/m-p/567233#M526806 <HTML><HEAD></HEAD><BODY><P>So I dont need to go back and add another peer and access list ?</P><P>Then why does my tunel not come up</P><P></P><P>Result of firewall command: "sh crypto isakmp sa"</P><P> </P><P>Total : 0</P><P>Embryonic : 0</P><P> dst src state pending created</P></BODY></HTML> Mon, 06 Mar 2006 14:30:21 GMT https://community.cisco.com/t5/network-security/pix-515-warning/m-p/567233#M526806 dsdtnt1957 2006-03-06T14:30:21Z