02-16-2017 04:45 AM
Hi, I have an ASA 55xx v9 or so ....
I also have a remote easy VPN - tunnel is up, operational, and my users are rampant in the joy of network connectivity.
However......I have the error "!!warning:no traffic is selected in dynamic crypto map" on my ASDM crypto map page.
Thought this would be easy by adding a traffic filter of source destination in the traffic selection, but doing so with the right networks,
e.g. "local network remote network" in the filter, the easy VPN dies a horrible death. This is also true if I reverse my networks in the traffic filter.
Also, someone else in my team tried any any in this dynamic filter and the firewall went into total meltdown, so won't do that in a hurry.
Anyone know if this is a "real" error - am I exposing my moth-eaten underpants? Or is this "normal" when using easyvpn (ikev1) at the remote
end ....
It's doing my head in!
Any help will be like manna from the gods of networking ...........
02-16-2017 05:12 AM
Let me see if I can help :) So dynamic crypto maps were primarily meant to be for RA VPN solutions like the old Cisco IPsec VPN clients. But of course, as you have it configured and working, it can also be used for dynamic ezvpn spokes and takes some of the same characteristics as a remote client (mode config etc). The ASDM is unfortunately not so smart to understand this and is probably coded in such a way that anything under the Site to Site VPN section should have a crypto ACL to match traffic. This of course is not true, so you can safely ignore this message. Dynamic maps do not need to have a crypto ACL to match traffic because as a part of the dynamic nature of it, it should receive the proxies from the peer.
That being said, what is your ASDM version? There were a few bugs in the 7.5 and 7.6 releases that caused any any proxies to be added.
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuy60531
You might want to run 7.6(2) or later to avoid this.
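An added example, not part of the original reply and not Cisco tooling: a Python check over a saved running-config that lists every dynamic crypto map entry and flags any that were given a `match address` ACL permitting ip any any, the change this thread warns against. The config excerpt and every name in it (DYN_EZVPN, EZVPN_ANY, L2L_BRANCH, OUTSIDE_MAP, ESP-AES-SHA) are constructed placeholders.

```python
import re

# Constructed sample running-config excerpt; every name here is a placeholder.
SAMPLE_CONFIG = """\
access-list EZVPN_ANY extended permit ip any any
access-list L2L_BRANCH extended permit ip 10.1.0.0 255.255.0.0 10.2.0.0 255.255.0.0
crypto dynamic-map DYN_EZVPN 10 set ikev1 transform-set ESP-AES-SHA
crypto dynamic-map DYN_EZVPN 20 match address EZVPN_ANY
crypto dynamic-map DYN_EZVPN 20 set ikev1 transform-set ESP-AES-SHA
crypto dynamic-map DYN_EZVPN 30 match address L2L_BRANCH
crypto map OUTSIDE_MAP 65535 ipsec-isakmp dynamic DYN_EZVPN
crypto map OUTSIDE_MAP interface outside
"""

ANY = r"(?:any4|any6|any)"
ANY_ANY_ACL = re.compile(rf"^access-list (\S+) extended permit ip {ANY} {ANY}(?:\s|$)")
DYN_ENTRY = re.compile(r"^crypto dynamic-map (\S+) (\d+) (.*)$")


def audit_dynamic_maps(config):
    """Return {(map_name, seq): (status, acl_name)} for every dynamic-map entry.

    status is "no-acl" (proxies are taken from the peer), "any-any"
    (crypto ACL permits ip any any) or "specific-acl" (review by hand).
    """
    any_any_acls, entries = set(), {}
    for raw in config.splitlines():
        line = raw.strip()
        if m := ANY_ANY_ACL.match(line):
            any_any_acls.add(m.group(1))
        elif m := DYN_ENTRY.match(line):
            key = (m.group(1), int(m.group(2)))
            entries.setdefault(key, None)  # remember the entry even without an ACL
            rest = m.group(3).split()
            if rest[:2] == ["match", "address"] and len(rest) > 2:
                entries[key] = rest[2]
    report = {}
    for key, acl in sorted(entries.items()):
        if acl is None:
            report[key] = ("no-acl", None)
        elif acl in any_any_acls:
            report[key] = ("any-any", acl)
        else:
            report[key] = ("specific-acl", acl)
    return report


if __name__ == "__main__":
    for (name, seq), (status, acl) in audit_dynamic_maps(SAMPLE_CONFIG).items():
        print(f"{name} {seq}: {status}" + (f" ({acl})" if acl else ""))
```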
02-16-2017 05:27 AM
Thank you Rahul,
that's a relief. I have tied myself in knots with this. We are on ASDM 7.6.1.
Many, many thanks sir!
05-26-2018 03:41 PM
I had this issue after I upgraded from 8.6 to 9.8 (ASA5505 to ASA5506X).
Saw the warning and decided to add the any-any ACL. Ouch, big mistake.
Thanks a lot!
08-09-2021 02:04 PM
Just a note: I am still seeing this warning message in ASDM 7.16(1). Thank you for posting the solution to safely ignore this.