Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
16864
Views
5
Helpful
5
Replies

Crypto map has incomplete entries message

Go to solution
jason.williams
Level 1
Level 1

‎08-21-2013 07:41 AM

I'm working on building a configuration on a 5540 running 9.1.2 for L2L VPN.  When I reload the device, I get this message:

.WARNING: crypto map has incomplete entries

*** Output from config line 10665, "crypto map L2LVPN interf..."

I seems it's giving me the error on the line where the crypto map is assigned to the outside interface.  Unfortunately this message really is not very helpful.  I do not have this in production yet. Is there any way I can find out where my problem may be?

Thanks.

Jason

1 person had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jouni Forss
VIP Alumni
VIP Alumni

‎08-21-2013 07:46 AM

Hi,

This usually indicates that one L2L VPN connection Crypto Map configuration is missing some essential parameter to make it complete.

So issue the command

show run crypto map

Then make sure that the following lines exists

crypto map match address

crypto map set peer

crypto map set ikev1 transform-set

If any of the 3 things mentioned above are missing then the crypto map configuration is deemed incomplete and doesnt have the information needed for that L2L VPN to function.

Atleast this is what it seems to me.

Hope it helps

- Jouni

View solution in original post

5 Replies 5

Go to solution
Jouni Forss
VIP Alumni
VIP Alumni

‎08-21-2013 07:46 AM

Hi,

This usually indicates that one L2L VPN connection Crypto Map configuration is missing some essential parameter to make it complete.

So issue the command

show run crypto map

Then make sure that the following lines exists

crypto map match address

crypto map set peer

crypto map set ikev1 transform-set

If any of the 3 things mentioned above are missing then the crypto map configuration is deemed incomplete and doesnt have the information needed for that L2L VPN to function.

Atleast this is what it seems to me.

Hope it helps

- Jouni

Go to solution
jason.williams
Level 1
Level 1
In response to Jouni Forss

‎08-21-2013 08:28 AM

That was it.  I was missing a match ACL line.  I just wish it would have been more specific.  I had over 100 crypto maps in there.  It could say "hey it looks like something is missing in crypto map x"?

Thanks for your help.

0 Helpful

Go to solution
Jouni Forss
VIP Alumni
VIP Alumni
In response to jason.williams

‎08-21-2013 08:39 AM

Hi,

Glad it got solved.

I do agree that there are several things on the ASA alone with regards to error messages (and other messages) that could provide a lot more information to help you determine what the actual problem is.

- Jouni

0 Helpful

Go to solution
ehayric1320
Level 1
Level 1
In response to Jouni Forss

‎02-18-2016 02:55 PM

I am practicing with ASA for the first time in Packet Tracer and I am encountering the same error however I have verified that I have defined the three items listed above. Any ideas?

sh run...

crypto map outside_map 1 match address outside_1_cryptomap

crypto map outside_map 1 set peer 192.168.0.12 255.255.255.0

crypto map outside_map 1 set ikev1 transform-set ESP-AES-SHA

crypto ikev1 enable outside

-output parsed-

ciscoasa1(config)#crypto map outside_map interface outside

WARNING: crypto map has incomplete entries

0 Helpful

Go to solution
daniel.constantinescu
Level 1
Level 1
In response to ehayric1320

‎05-24-2020 09:35 PM

got the same error..however once i ping the network on teh other side of tunnel, vpn start working..

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents