03-22-2004 05:38 PM - edited 02-20-2020 11:18 PM
Does anyone know why my PIX 525 locks up when I apply my crypto map commands one line at a time? I apply the following ACL first. But when I attempt to apply the first crypto map line my PIX locks and I have to reboot it... Any help would be greatly appreciated.
access-list XXXXXtunnel permit ip xx.xx.0.0 255.192.0.0 xx.xx.18.0 255.255.255.0
access-list nonat permit ip xx.xx.0.0 xx.xx.0.0 xx.xx.xx.0 255.255.255.0
access-list acl-inside permit ip xx.xx.0.0 xx.xx.0.0 xx.xx.xx.0 xx.xx.xx.0
crypto map xxx_map 157 ipsec-isakmp
crypto map xxx_map 157 match address xxx-tunnel
crypto map xxx_map 157 set peer xx.4.xx.xx
crypto map xxx_map 157 set transform-set xxx_set
03-22-2004 05:43 PM
Are you sure your access list is not wrong, and blocking traffic?
03-23-2004 11:42 AM
The access-list is correct...No problems...I was told if you try to add crypto map lines one at a time the PIX sees that as an incomplete crypto map and secures the PIX by locking down the outside interface.....
03-25-2004 06:59 AM
Hi,
I have come across this problem when there are other entries already existing under the same crypto map and are already applied to an interface.
I found that by negating the crypto map interface command first, modifying the config and then re-applying the interface command this would work fine.
So ...
(1) no crypto map xxx_map interface outside
(2) apply crypto map config lines
(3) crypto map xxx_map interface outside
Of course you will lose existing tunnels if some are already configured, but then this happens if you reboot anyway!
Hope it helps
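One way to stage the detach, apply, re-attach sequence from the answer above, as an added example that is not part of the original thread: it builds the command list only when every new entry is complete and its ACL is defined. `plan_change` is a hypothetical helper, and the map, ACL, peer and transform-set names are constructed sample values.

```python
import re
from collections import defaultdict

# Parts each ipsec-isakmp entry needs before the map is bound to an interface.
REQUIRED = ("ipsec-isakmp", "match address", "set peer", "set transform-set")
ENTRY = re.compile(
    r"^crypto map (\S+) (\d+) "
    r"(ipsec-isakmp|match address|set peer|set transform-set)(?: (\S+))?$"
)

# Constructed sample input (not taken from the thread).
SAMPLE = [
    "crypto map vpn_map 157 ipsec-isakmp",
    "crypto map vpn_map 157 match address branch-tunnel",
    "crypto map vpn_map 157 set peer 192.0.2.10",
    "crypto map vpn_map 157 set transform-set strong_set",
]


def plan_change(new_lines, map_name, interface, defined_acls):
    """Return the ordered commands: detach map, apply lines, re-attach map.

    Raises ValueError if an entry is incomplete or names an undefined ACL,
    so a half-built entry is never queued for the firewall.
    """
    entries = defaultdict(dict)
    cleaned = [raw.strip() for raw in new_lines]
    for line in cleaned:
        m = ENTRY.match(line)
        if not m or m.group(1) != map_name:
            raise ValueError(f"unexpected line: {line!r}")
        if m.group(3) != "ipsec-isakmp" and not m.group(4):
            raise ValueError(f"missing value in: {line!r}")
        entries[int(m.group(2))][m.group(3)] = m.group(4)
    for seq, parts in sorted(entries.items()):
        missing = [p for p in REQUIRED if p not in parts]
        if missing:
            raise ValueError(f"entry {seq} is missing: {', '.join(missing)}")
        acl = parts["match address"]
        if acl not in defined_acls:
            raise ValueError(f"entry {seq} references undefined ACL {acl!r}")
    # Step (1), step (2), step (3) from the answer, in that order.
    return ([f"no crypto map {map_name} interface {interface}"]
            + cleaned
            + [f"crypto map {map_name} interface {interface}"])


if __name__ == "__main__":
    print("\n".join(plan_change(SAMPLE, "vpn_map", "outside", {"branch-tunnel"})))
```

As the answer notes, the first command drops any tunnels already up on that map, so the resulting list is something to apply in a maintenance window.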
03-25-2004 02:24 PM
Awesome...That worked perfectly...Thanks
04-19-2004 01:27 PM
I've just managed to lock up our 525s doing exactly the same! The failover didn't work either, I had to drive to site and reboot both PIXes.
I should have checked this forum first....
Thanks for the fix.