neilntruong
IS-IT--Management
I am trying to setup a VPN to connect two networks. When creating the VPN rules on the PIX via the wizard I get the following err. Can someone please help?
Main site w/PIX:
-internal: 192.168.254.0 /24
-external: xxx.xxx.102.145
Remote site w/DLink VPN(DFL-300):
-internal: 192.168.1.0 /24
-external: 123.123.123.14
********************************************************
WARNING: This crypto map is incomplete
OK] isakmp key noserver address 123.123.123.14 netmask 255.255.255.255 no-xauth no-config-mode
[OK] isakmp policy 44 authen pre-share
[OK] isakmp policy 44 encrypt des
[OK] isakmp policy 44 hash md5
[OK] isakmp policy 44 group 1
[OK] isakmp enable outside
[OK] pdm location 192.168.1.0 255.255.255.0 outside
[OK] access-list no-nat line 10 permit ip 192.168.254.0 255.255.255.0 192.168.1.0 255.255.255.0
[OK] nat (inside) 0 access-list no-nat
[OK] route outside 192.168.1.0 255.255.255.0
xxx.xxx.102.145 1
[OK] access-list outside_cryptomap_65 permit ip 192.168.254.0 255.255.255.0 192.168.1.0 255.255.255.0
[ERR]crypto map newmap 65 set peer 123.123.123.14
WARNING: This crypto map is incomplete.
To remedy the situation add a peer and a valid access-list to this crypto map.
[OK] crypto map newmap 65 match address outside_cryptomap_65
[OK] crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
[OK] crypto map newmap 65 set transform-set ESP-DES-MD5
[OK] crypto map newmap 65 set security-association lifetime seconds 28800 kilobytes 4608000
[OK] crypto map newmap interface outside
[OK] sysopt connection permit-ipsec
Main site w/PIX:
-internal: 192.168.254.0 /24
-external: xxx.xxx.102.145
Remote site w/DLink VPN(DFL-300):
-internal: 192.168.1.0 /24
-external: 123.123.123.14
********************************************************
WARNING: This crypto map is incomplete
OK] isakmp key noserver address 123.123.123.14 netmask 255.255.255.255 no-xauth no-config-mode
[OK] isakmp policy 44 authen pre-share
[OK] isakmp policy 44 encrypt des
[OK] isakmp policy 44 hash md5
[OK] isakmp policy 44 group 1
[OK] isakmp enable outside
[OK] pdm location 192.168.1.0 255.255.255.0 outside
[OK] access-list no-nat line 10 permit ip 192.168.254.0 255.255.255.0 192.168.1.0 255.255.255.0
[OK] nat (inside) 0 access-list no-nat
[OK] route outside 192.168.1.0 255.255.255.0
xxx.xxx.102.145 1
[OK] access-list outside_cryptomap_65 permit ip 192.168.254.0 255.255.255.0 192.168.1.0 255.255.255.0
[ERR]crypto map newmap 65 set peer 123.123.123.14
WARNING: This crypto map is incomplete.
To remedy the situation add a peer and a valid access-list to this crypto map.
[OK] crypto map newmap 65 match address outside_cryptomap_65
[OK] crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
[OK] crypto map newmap 65 set transform-set ESP-DES-MD5
[OK] crypto map newmap 65 set security-association lifetime seconds 28800 kilobytes 4608000
[OK] crypto map newmap interface outside
[OK] sysopt connection permit-ipsec