Adding a 2 VPN on PIX 501

fgarcia
Level 1

Hi there.. I'm a newbie in this Cisco stuff..

I'm trying to set up multiple VPNs on a Cisco PIX 501 firewall with Linksys BEFVP41 routers..

Since I'm not very familiar with the CLI, I'm using the PDM utility and it was very easy for the first one.. unfortunately I'm receiving this error when I try to add the second VPN using the VPN Wizard:

(ERR)crypto map outside_map set peer 200.20.10.3

WARNING: This crypto map is incomplete

To remedy the situation add a peer and a valid access-list to this crypto map

1 Accepted Solution


hi garcia

for each vpn/peer you need a separate instance of crypto map.. the map will have the same name, but different sequence numbers.. only one crypto map can be assigned to an interface, but you can have many instances of maps inside the major one...

for configuration, you can go through the URL given below..it has all config details about IPSEC:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/config/ipsecint.htm

hope this helps.. all the best.. rate replies if found useful....

Raj
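
The rule from the answer above (one crypto map name on the interface, one sequence-numbered instance per peer, each needing a peer and an ACL as the PDM warning says), shown as an added example that is not part of the original thread or any Cisco tool: a small Python check run over a constructed PIX 6.3-style config. The function name `audit_crypto_maps`, the ACL names, the networks and the peer addresses are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed PIX 6.3-style config: one map name, one sequence number per peer.
# ACL names, networks and peer addresses are placeholders, not from the thread.
SAMPLE_CONFIG = """\
access-list vpn_site_a permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list vpn_site_b permit ip 192.168.1.0 255.255.255.0 192.168.3.0 255.255.255.0
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto map outside_map 20 ipsec-isakmp
crypto map outside_map 20 match address vpn_site_a
crypto map outside_map 20 set peer 203.0.113.10
crypto map outside_map 20 set transform-set ESP-3DES-SHA
crypto map outside_map 40 ipsec-isakmp
crypto map outside_map 40 set peer 198.51.100.20
crypto map outside_map 40 set transform-set ESP-3DES-SHA
crypto map outside_map interface outside
"""

ENTRY = re.compile(r"^crypto map (\S+) (\d+) (.+)$")
def audit_crypto_maps(config):
    """Return {(map, seq): [problems]} for incomplete crypto map instances."""
    acls = {m.group(1) for m in re.finditer(r"^access-list (\S+) ", config, re.M)}
    entries = defaultdict(lambda: {"peers": [], "acl": None})
    for line in config.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # also skips "crypto map <name> interface <if>"
        entry = entries[(m.group(1), int(m.group(2)))]
        rest = m.group(3).split()
        if rest[:2] == ["set", "peer"] and len(rest) > 2:
            entry["peers"].append(rest[2])
        elif rest[:2] == ["match", "address"] and len(rest) > 2:
            entry["acl"] = rest[2]
    findings = {}
    for key, entry in sorted(entries.items()):
        problems = []
        if not entry["peers"]:
            problems.append("no peer set")
        if entry["acl"] is None:
            problems.append("no match address ACL")
        elif entry["acl"] not in acls:
            problems.append("ACL %s is not defined" % entry["acl"])
        if problems:
            findings[key] = problems
    return findings

if __name__ == "__main__":
    print(audit_crypto_maps(SAMPLE_CONFIG))
```

Sequence 40 in the sample is flagged because it has a peer but no `match address`; adding `crypto map outside_map 40 match address vpn_site_b` clears the finding.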

3 Replies

sachinraja
Level 9

Hi garcia

You need to first create an ACL for interesting traffic and later bind this to the crypto map.. you also need to set the peer address on the crypto map instance.. without these two parameters, the crypto map is empty and won't work..

the configs are added through the PDM only after these entries are defined...

there is no other problem with your config.. just add these entries and you will be able to store it on the pix...

if you require the CLI , let me know, i will give you the commands...

Raj

Thanks Raj.. I think I got the point now..

Could you send me which CLI commands I need to bind the crypto map?... one more question: is it the same crypto map for all VPNs, or does each VPN need its own crypto map?

Thanks a lot for your help
