Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Error when using PDM..

Status
Not open for further replies.
wturner80

wturner80

IS-IT--Management
Nov 2, 2005
57
US
When I attempt to access the VPN tab in PDM I get the following message: PDM does not support multiple dynamic crypto maps per interface. Please collapse them into one. Otherwise you will not be able to manage crypto map via PDM.
Can anyone give me some leadway on how to correct this?
 
Sort by date Sort by votes
Do you currently have users using a vpn through your PIX? If so, it might be kind of tricky as to what you need to "collapse" or replace with an up-to-date command in the cli. Or, remove one of the crypto maps that share the same interface and then reenter them via the PDM.

What version of software do you have on the pix?

Can you copy/paste your crypto maps here? Just the lines that look like so...

crypto dynamic-map outside_dyn_map
crypto dynamic-map outside_dyn_map
crypto dynamic-map outside_dyn_map
 
Upvote 0 Downvote
Software version: 6.3(4)
crypto lines:
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set NGU esp-des esp-md5-hmac
crypto dynamic-map outside_dyn_map 20 match address outside_cryptomap_dyn_20
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-DES-MD5
crypto dynamic-map dynmap 10 set transform-set ESP-DES-MD5
crypto map outside_map 1 ipsec-isakmp
crypto map outside_map 1 match address 101
crypto map outside_map 1 set peer xx.xx.xx.xx
crypto map outside_map 1 set transform-set NGU
crypto map outside_map 10 ipsec-isakmp dynamic dynmap
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map client configuration address respond
crypto map outside_map interface outside
 
Upvote 0 Downvote
I have VPN clients that use the pix. A site to site was previously setup but it doesn't work now since an ISP change at the remote site.
 
Upvote 0 Downvote
wturner-

All you have to do is take out the dynamic crypto-map named dynmap and rename it to reflect the the name outside_dyn_map. So it should look like this..

crypto dynamic-map outside_dyn_map 10 set transform-set ESP-DES-MD5
crypto dynamic-map outside_dyn_map 20 match address outside_cryptomap_dyn_20
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-DES-MD5

after looking at your config you posted, you are not even using the dynamic map called dynmap. It repeats outside_dyn_map 20.

Frank
 
Upvote 0 Downvote
Thanks for the help. I just used CLI to delete the crypto lines and then used PDM to start a site to site VPN.

Thanks again for the help.
 
Upvote 0 Downvote
Update...after deleting the crypto lines my remote users were not able to login in via VPN client. Which lines are directly related to client logins?
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

pbxnkey
  • Locked
  • Question
Cisco ASA VPN using Windows Client-Error 691
Replies
1
Views
214
pbxnkey
pbxnkey
Russtoleum
  • Locked
  • Question
custom VPN Tunnel not appearing when trying to add route
Replies
1
Views
188
jcarmichael1203
jcarmichael1203
RodneyMcSnow
  • Locked
  • Question
Windows 8.1 PRO has to open connections when NETSTAT is used.
Replies
0
Views
148
RodneyMcSnow
RodneyMcSnow
ttrsux
  • Locked
  • Question
Error opening IKE port 4500 on Interface outside
Replies
0
Views
321
ttrsux
ttrsux
xylax
  • Locked
  • Question
Redirecting HTTP traffic from INSIDE to OUTSIDE using ASA NATs
Replies
0
Views
125
xylax
xylax

Part and Inventory Search

Sponsor

Back
Top