Problems in configuring two VPNs on one PIX

Chris_Duse
Level 1

Hello,

I have a problem while configuring two VPN tunnels on a PIX501 Ver. 6.3.

The problem always occurs at the moment I configure the second VPN in the PDM and apply it to the PIX.

The error occurs with net-to-net tunnels with pre-shared keys and also with remote VPN tunnels as the second definition.

The error message in the PDM:

------------------------

[OK] isakmp key cisco address 192.168.100.80 netmask 255.255.255.255 no-xauth no-config-mode
[OK] name 192.168.134.0 LAN_Malta
[OK] pdm location 192.168.134.0 255.255.255.0 outside
[OK] access-list inside_outbound_nat0_acl line 2 permit ip host 192.168.137.1 192.168.134.0 255.255.255.0
[OK] nat (inside) 0 access-list inside_outbound_nat0_acl
[OK] access-list outside_cryptomap_20 permit ip host 192.168.137.1 192.168.134.0 255.255.255.0
[ERR] crypto map outside_map 20 set peer 192.168.100.80
WARNING: This crypto map is incomplete.
To remedy the situation add a peer and a valid access-list to this crypto map.
[OK] crypto map outside_map 20 match address outside_cryptomap_20
[OK] crypto map outside_map 20 set transform-set ESP-3DES-MD5
[OK] crypto map outside_map 20 set security-association lifetime seconds 28800 kilobytes 4608000
[OK] crypto map outside_map interface outside
[OK] sysopt connection permit-ipsec

------------------------

PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
hostname HAUPT
domain-name myDomain.com
names
name 192.168.137.1 SBS
name 192.168.134.0 LAN_VPN1
name 192.168.135.0 LAN_VPN2
access-list inside_outbound_nat0_acl permit ip 192.168.137.0 255.255.255.0 LAN_VPN1 255.255.255.0
access-list inside_outbound_nat0_acl permit ip 192.168.137.0 255.255.255.0 LAN_VPN2 255.255.255.0
access-list outside_cryptomap_20 permit ip 192.168.137.0 255.255.255.0 LAN_VPN1 255.255.255.0
access-list inside_access_in permit ip any any
access-list outside_cryptomap_40 remark VPN to Realtek
access-list outside_cryptomap_40 permit ip 192.168.137.0 255.255.255.0 LAN_VPN2 255.255.255.0
access-list outside_access_in permit ip LAN_VPN1 255.255.255.0 any
access-list outside_access_in permit ip LAN_VPN2 255.255.255.0 any
pager lines 24
icmp permit any outside
icmp permit any inside
mtu outside 1500
mtu inside 1500
ip address outside dhcp setroute
ip address inside 192.168.137.254 255.255.255.0
global (outside) 1 interface
nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
access-group outside_access_in in interface outside
access-group inside_access_in in interface inside
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto map outside_map 20 ipsec-isakmp
crypto map outside_map 20 match address outside_cryptomap_20
crypto map outside_map 20 set peer 192.168.100.80
crypto map outside_map 20 set transform-set ESP-3DES-MD5
crypto map outside_map 40 ipsec-isakmp
crypto map outside_map 40 match address outside_cryptomap_40
crypto map outside_map 40 set peer 192.168.80.80
crypto map outside_map 40 set transform-set ESP-3DES-SHA
crypto map outside_map interface outside
isakmp enable outside
isakmp key ******** address 192.168.100.80 netmask 255.255.255.255 no-xauth no-config-mode
isakmp key ******** address 192.168.80.80 netmask 255.255.255.255 no-xauth no-config-mode
isakmp identity address
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption 3des
isakmp policy 20 hash md5
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400


Jon Marshall
Hall of Fame

Are you saying that the tunnels don't work, or are you just concerned about the error message?

If it is just the error message then it's not a problem. You always get this whether from the command line or via the PDM. As soon as you specify a peer you get the warning about an incomplete crypto map. Once you have specified the VPN access-list to go with it (the match address config line) then it's fine.

HTH
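The warning in the PDM log is about command order: the PIX evaluates each crypto map line as it is applied, so at the instant `set peer` lands the entry has a peer but no `match address`, and the warning fires even though the next line completes it. The running config posted above shows both entries (20 and 40) with a peer, a crypto ACL and a transform set, so nothing is actually missing. As an added example (not code from the post, from the PDM or from Cisco), the Python below parses the crypto-map, ACL and nat 0 lines of a PIX 6.3 running config and reports which entries are really incomplete, plus a second check practitioners usually want here: that every flow in a crypto ACL is also exempted from NAT by the nat 0 ACL, otherwise the traffic is translated to the outside address before the crypto map sees it and the tunnel never matches. The two embedded config samples are constructed: one is the VPN-relevant lines of the running config above, the other reproduces the mid-push state from the PDM log. The parser only models the config forms that appear in this thread (`name`, `access-list ... permit ip`, `nat ... 0 access-list`, `crypto map`), which is an assumption, not a general PIX parser.

```python
"""Completeness check for PIX 6.3 crypto map entries (added example)."""
import ipaddress
from collections import defaultdict

# Constructed sample: the VPN-relevant lines of the running config in the
# post (remark translated). Both entries are complete, so no warning is due.
SAMPLE_CONFIG = """
name 192.168.134.0 LAN_VPN1
name 192.168.135.0 LAN_VPN2
access-list inside_outbound_nat0_acl permit ip 192.168.137.0 255.255.255.0 LAN_VPN1 255.255.255.0
access-list inside_outbound_nat0_acl permit ip 192.168.137.0 255.255.255.0 LAN_VPN2 255.255.255.0
access-list outside_cryptomap_20 permit ip 192.168.137.0 255.255.255.0 LAN_VPN1 255.255.255.0
access-list outside_cryptomap_40 remark VPN to Realtek
access-list outside_cryptomap_40 permit ip 192.168.137.0 255.255.255.0 LAN_VPN2 255.255.255.0
nat (inside) 0 access-list inside_outbound_nat0_acl
crypto map outside_map 20 ipsec-isakmp
crypto map outside_map 20 match address outside_cryptomap_20
crypto map outside_map 20 set peer 192.168.100.80
crypto map outside_map 20 set transform-set ESP-3DES-MD5
crypto map outside_map 40 ipsec-isakmp
crypto map outside_map 40 match address outside_cryptomap_40
crypto map outside_map 40 set peer 192.168.80.80
crypto map outside_map 40 set transform-set ESP-3DES-SHA
"""

# Constructed sample of the moment the PDM log shows: "set peer" applied to
# entry 20 before "match address", which is exactly what the warning means.
PARTIAL_CONFIG = """
access-list outside_cryptomap_20 permit ip host 192.168.137.1 192.168.134.0 255.255.255.0
crypto map outside_map 20 set peer 192.168.100.80
"""

REQUIRED = ("peer", "match address", "transform-set")  # what an entry needs

def _addr(tok, i):
    """Parse one ACL address at tok[i]: 'any', 'host X' or 'X MASK'."""
    if tok[i] == "any":
        return "0.0.0.0", "0.0.0.0", i + 1
    if tok[i] == "host":
        return tok[i + 1], "255.255.255.255", i + 2
    return tok[i], tok[i + 1], i + 2

def parse_config(text):
    """Return (acls, cmaps, nat0_acl). acls: ACL name -> [(src, dst)] networks
    of its 'permit ip' lines (name aliases resolved); cmaps: (map, seq) ->
    settings. Only the config forms used in the post are modelled (assumption)."""
    names, acls, cmaps, nat0_acl = {}, defaultdict(list), defaultdict(dict), None
    net = lambda a, m: ipaddress.ip_network(f"{names.get(a, a)}/{m}", strict=False)
    for raw in text.splitlines():
        tok = raw.split()
        if not tok:
            continue
        if tok[0] == "name" and len(tok) == 3:
            names[tok[2]] = tok[1]
        elif tok[0] == "access-list" and "permit" in tok:
            p = tok.index("permit")  # tolerates the PDM's 'line N' before it
            if tok[p + 1] != "ip":
                continue
            src, smask, j = _addr(tok, p + 2)
            dst, dmask, _ = _addr(tok, j)
            acls[tok[1]].append((net(src, smask), net(dst, dmask)))
        elif tok[0] == "nat" and tok[2:4] == ["0", "access-list"]:
            nat0_acl = tok[4]
        elif tok[:2] == ["crypto", "map"] and len(tok) > 4 and tok[3].isdigit():
            entry = cmaps[(tok[2], int(tok[3]))]  # 'ipsec-isakmp' line creates it
            rest = tok[4:]
            if rest[:2] == ["match", "address"]:
                entry["match address"] = rest[2]
            elif rest[:2] == ["set", "peer"]:
                entry["peer"] = rest[2]
            elif rest[:2] == ["set", "transform-set"]:
                entry["transform-set"] = rest[2:]
    return acls, cmaps, nat0_acl

def incomplete_entries(text):
    """Map (map, seq) -> what is missing, for every crypto map entry lacking a
    peer, a match-address ACL that actually exists, or a transform set."""
    acls, cmaps, _ = parse_config(text)
    problems = {}
    for key, entry in sorted(cmaps.items()):
        missing = [r for r in REQUIRED if r not in entry]
        acl = entry.get("match address")
        if acl is not None and acl not in acls:
            missing.append(f"match address ACL {acl} not found")
        if missing:
            problems[key] = missing
    return problems

def nat0_gaps(text):
    """List crypto ACL flows ('src -> dst') that the nat 0 ACL does not
    exempt; such traffic is NATed first and never matches the tunnel."""
    acls, cmaps, nat0_acl = parse_config(text)
    exempt = acls.get(nat0_acl, [])
    gaps = []
    for entry in cmaps.values():
        for src, dst in acls.get(entry.get("match address"), []):
            if not any(src.subnet_of(es) and dst.subnet_of(ed) for es, ed in exempt):
                gaps.append(f"{src} -> {dst}")
    return gaps
```

Run `incomplete_entries(SAMPLE_CONFIG)` against the posted running config and it returns nothing, which is the same conclusion as the reply: the warning was transient. `incomplete_entries(PARTIAL_CONFIG)` reports entry 20 as lacking `match address` and a transform set, i.e. the state at the moment the PDM printed `[ERR]`. One caveat worth acting on independently of the warning: the PDM log pasted above shows the `isakmp key` line with the pre-shared key in clear (the running config masks it, the PDM transcript does not), so a key that has been posted to a public forum should be treated as disclosed and changed on both peers.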