https://community.cisco.com/t5/network-security/crypto-map-commands-lock-up-pix-525/m-p/296956#M593849 <HTML><HEAD></HEAD><BODY><P>The access-list is correct...No problems...I was told if you try to add crypto map lines one at a time the PIX sees that as a incomplete crypto map and secures the PIX by locking down the outside interface.....</P></BODY></HTML> Tue, 23 Mar 2004 19:42:25 GMT 2004-03-23T19:42:25Z https://community.cisco.com/t5/network-security/crypto-map-commands-lock-up-pix-525/m-p/296954#M593845 <P>Does anyone know why my PIX 525 locks up when I apply my cryptomap command one line at a time ? I apply the following ACL first. But when I attempt to apply the first cryptomap line my PIX locks and I have to reboot it.......Any help would be greatly appreciated &gt;</P><P></P><P>access-list XXXXXtunnel permit ip xx.xx.0.0 255.192.0.0 xx.xx.18.0 255.255.255.0</P><P>access-list nonat permit ip xx.xx.0.0 xx.xx.0.0 xx.xx.xx.0 255.255.255.0</P><P>access-list acl-inside permit ip xx.xx.0.0 xx.xx.0.0 xx.xx.xx.0 xx.xx.xx.0</P><P></P><P></P><P>crypto map xxx_map 157 ipsec-isakmp</P><P>crypto map xxx_map 157 match address xxx-tunnel</P><P>crypto map xxx_map 157 set peer xx.4.xx.xx</P><P>crypto map xxx_map 157 set transform-set xxx_set</P><P></P> Fri, 21 Feb 2020 07:18:22 GMT https://community.cisco.com/t5/network-security/crypto-map-commands-lock-up-pix-525/m-p/296954#M593845 admin_2 2020-02-21T07:18:22Z https://community.cisco.com/t5/network-security/crypto-map-commands-lock-up-pix-525/m-p/296955#M593847 <HTML><HEAD></HEAD><BODY><P>are you sure your access list is not wrong, and blocking traffic? </P></BODY></HTML> Tue, 23 Mar 2004 01:43:42 GMT https://community.cisco.com/t5/network-security/crypto-map-commands-lock-up-pix-525/m-p/296955#M593847 mostiguy 2004-03-23T01:43:42Z https://community.cisco.com/t5/network-security/crypto-map-commands-lock-up-pix-525/m-p/296956#M593849 <HTML><HEAD></HEAD><BODY><P>The access-list is correct...No problems...I was told if you try to add crypto map lines one at a time the PIX sees that as a incomplete crypto map and secures the PIX by locking down the outside interface.....</P></BODY></HTML> Tue, 23 Mar 2004 19:42:25 GMT https://community.cisco.com/t5/network-security/crypto-map-commands-lock-up-pix-525/m-p/296956#M593849 2004-03-23T19:42:25Z https://community.cisco.com/t5/network-security/crypto-map-commands-lock-up-pix-525/m-p/296957#M593853 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>I have come across this problem when there are other entries already existing under the same crypto map and are already applied to an interface. </P><P></P><P>I found that by negating the crypto map interface command first, modifying the config and then re-applying the interface command this would work fine.</P><P></P><P>So ...</P><P></P><P>(1) no crypto map xxx_map interface outside</P><P>(2) apply crypto map config lines</P><P>(3) crypto map xxx_map interface outside</P><P></P><P>Of course you will lose existing tunnels if some already configured but then this happens if you reboot anyway!</P><P></P><P>Hope it helps</P></BODY></HTML> Thu, 25 Mar 2004 14:59:42 GMT https://community.cisco.com/t5/network-security/crypto-map-commands-lock-up-pix-525/m-p/296957#M593853 r.bishop 2004-03-25T14:59:42Z https://community.cisco.com/t5/network-security/crypto-map-commands-lock-up-pix-525/m-p/296958#M593856 <HTML><HEAD></HEAD><BODY><P>Awesome...That worked perfectly...Thanks</P></BODY></HTML> Thu, 25 Mar 2004 22:24:53 GMT https://community.cisco.com/t5/network-security/crypto-map-commands-lock-up-pix-525/m-p/296958#M593856 2004-03-25T22:24:53Z https://community.cisco.com/t5/network-security/crypto-map-commands-lock-up-pix-525/m-p/296959#M593859 <HTML><HEAD></HEAD><BODY><P>I've just managed to lock up our 525's doing exactly the same! The failover didn't work either, I had to drive to site and reboot both PIXes.</P><P></P><P>I should have checked this forum first....</P><P></P><P>Thanks for the fix.</P></BODY></HTML> Mon, 19 Apr 2004 20:27:17 GMT https://community.cisco.com/t5/network-security/crypto-map-commands-lock-up-pix-525/m-p/296959#M593859 SteveGodfrey 2004-04-19T20:27:17Z