If you do a "show run crypto

jfeo · ‎06-01-2017

I am getting this error message and don't know why. Do you know if I am missing anything?

thank you

crypto map dyn-map 3 match address (ACL)
crypto map dyn-map 3 set pfs
crypto map dyn-map 3 set peer (ipaddress)

crypto map dyn-map 3 set transform-set ESP-AES-256-SHA
crypto map dyn-map 3 set security-association lifetime seconds 28800
crypto map dyn-map 3 set security-association lifetime kilobytes 4608000

ASA5520(config)# crypto map dyn-map interface OUTSIDE
WARNING: crypto map has incomplete entries

Rahul Govindan · ‎06-01-2017

If you do a "show run crypto map" do you see:

1) Set peer

2) ,match Address

3) set transform set

If you have all 3, it should show up as complete. The new ASA releases (9.x) have "set ikev1 transform set", so that could be the difference in your setup.

Another possibility is that you have sequence numbers other than 3 configured but incomplete.

Paste the output of "show run crypto map" if possible.

WARNING: crypto map has incomplete entries on vpn setup