Pix site-to-site config

Discussion in 'Cisco' started by Barry G. Taylor, Jun 15, 2004.

  1. All,

    Trying to set up a site-to-site config and get an error message that
    says:

    cryptomap outside_map_2 120 set peer xx.xx.xx.xx
    to remedy the situation add a peer and a valid access list to this
    crypto map

    I've set up about 4 or 5 other site-to-sites without issue and this is
    the first one that has given me any problems and the others work fine.

    BTY, I'm using 2 Pix 501's and the PDM 3.0

    Any ideas???

    Below is some of the config. Let me know if there's something else I
    haven't shown.
    Thanks.

    access-list outside_cryptomap_120 permit ip Name 255.255.255.0
    192.168.8.0 255.255.255.0

    sysopt connection permit-ipsec
    sysopt connection permit-pptp
    sysopt connection permit-l2tp
    crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
    crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac

    crypto map outside_map_2 120 match address outside_cryptomap_120
    crypto map outside_map_2 120 set peer xx.xxx.xx.xxx
    crypto map outside_map_2 120 set transform-set ESP-3DES-MD5
    crypto map outside_map_2 65535 ipsec-isakmp dynamic outside_dyn_map
     
    Barry G. Taylor, Jun 15, 2004
    #1
    1. Advertising

  2. In article <>,
    Barry G. Taylor <> wrote:
    :Trying to set up a site-to-site config and get an error message that
    :says:

    :cryptomap outside_map_2 120 set peer xx.xx.xx.xx
    :to remedy the situation add a peer and a valid access list to this
    :crypto map

    Hmmm, something seems to be missing from what you put in -- the
    actual error message.


    :I've set up about 4 or 5 other site-to-sites without issue and this is
    :the first one that has given me any problems and the others work fine.

    :BTY, I'm using 2 Pix 501's and the PDM 3.0

    What PIX software version? Earlier releases of the 501 were restricted
    to 5 simultaneous ISAKMP peers.

    :crypto map outside_map_2 120 match address outside_cryptomap_120
    :crypto map outside_map_2 120 set peer xx.xxx.xx.xxx
    :crypto map outside_map_2 120 set transform-set ESP-3DES-MD5


    You do not appear to have

    crypto map outside_map_2 120 ipsec-isakmp
    --
    Warhol's Law: every Usenet user is entitled to his or her very own
    fifteen minutes of flame -- The Squoire
     
    Walter Roberson, Jun 15, 2004
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Remco Bressers
    Replies:
    1
    Views:
    545
    Jyri Korhonen
    Nov 21, 2003
  2. Javier Villegas
    Replies:
    1
    Views:
    539
    Walter Roberson
    Jan 27, 2004
  3. GVB
    Replies:
    1
    Views:
    2,894
    Martin Bilgrav
    Feb 6, 2004
  4. Jeff
    Replies:
    5
    Views:
    1,164
  5. 187therapy

    Cisco Pix site to site vpn config

    187therapy, Apr 12, 2008, in forum: Cisco
    Replies:
    0
    Views:
    3,228
    187therapy
    Apr 12, 2008
Loading...

Share This Page