https://community.cisco.com/t5/network-security/vpn-tunnel-issues/m-p/1840001#M488769 <HTML><HEAD></HEAD><BODY><P>What version are you runnig, I do not think this is a bug, but I will&nbsp; research on this for you.</P><P></P><P>Regards,</P><P></P><P>Julio</P></BODY></HTML> Mon, 23 Jan 2012 20:44:53 GMT Julio Carvajal 2012-01-23T20:44:53Z https://community.cisco.com/t5/network-security/vpn-tunnel-issues/m-p/1839998#M488763 <P>Hi,</P><P></P><P>I am getting the below&nbsp; messages in my cisco asa 5520, during this time tunnel is down. just what to check whether the problem is at remote FW or with asa. </P><P></P><P></P><P>local fw: asa</P><P>remote fw : check point UTM edge</P><P></P><TABLE border="0" cellpadding="0" cellspacing="0" style="width: 1112px;"><TBODY><TR style="height: 45.0pt;"><TD height="60" style="height: 45.0pt; width: 834pt;" width="1112"><P>jan 12 2012 10:50:27: %%asa-3-713902: group = 203.179.86.179, ip = 203.179.86.179, removing peer from correlator table failed, no match!</P><P>jan 12 2012 10:50:27: %%asa-3-713902: group = 203.179.86.179, ip = 203.179.86.179, qm fsm error (p2 struct &amp;0xd1884f20, mess id 0xb449e909)!</P><P>jan 12 2012 10:50:27: %%asa-3-713902: group = 203.179.86.179, ip = 203.179.86.179, received encrypted oakley quick mode packet with invalid payloads, messid = 3024742665</P><P></P><P></P><P>jan 12 2012 10:51:23: %%asa-6-602304: ipsec: an outbound lan-to-lan sa (spi= 0x77bac51f) between 125.16.27.18 and 203.179.86.179 (user= 203.179.86.179) has been deleted.</P><P>jan 12 2012 10:51:23: %%asa-6-602304: ipsec: an inbound lan-to-lan sa (spi= 0xba125457) between 125.16.27.18 and 203.179.86.179 (user= 203.179.86.179) has been deleted.</P><P>jan 12 2012 10:51:23: %%asa-3-713902: group = 203.179.86.179, ip = 203.179.86.179, removing peer from correlator table failed, no match!</P><P>jan 12 2012 10:51:23: %%asa-5-713050: group = 203.179.86.179, ip = 203.179.86.179, connection terminated for peer 203.179.86.179.&nbsp; reason: peer terminate&nbsp; remote proxy 192.168.211.0, local proxy 10.158.0.0</P><P></P><P></P><P>jan 12 2012 10:51:23: %%asa-4-113019: group = 203.179.86.179, username = 203.179.86.179, ip = 203.179.86.179, session disconnected. session type: ipsec, duration: 0h:01m:05s, bytes xmt: 29911, bytes rcv: 5310, reason: crypto map policy not found</P><P>jan 12 2012 10:51:24: %%asa-6-713219: group = 203.179.86.179, ip = 203.179.86.179, queuing key-acquire messages to be processed when p1 sa is complete.</P><P>jan 12 2012 10:51:25: %%asa-6-713219: group = 203.179.86.179, ip = 203.179.86.179, queuing key-acquire messages to be processed when p1 sa is complete.</P><P></P><P></P><P></P><P>jan 12 2012 10:51:29: %%asa-5-713201: group = 203.179.86.179, ip = 203.179.86.179, duplicate phase 2 packet detected.&nbsp; retransmitting last packet.</P><P>jan 12 2012 10:51:30: %%asa-3-713902: group = 203.179.86.179, ip = 203.179.86.179, received encrypted oakley quick mode packet with invalid payloads, messid = 4241327105</P><P>jan 12 2012 10:51:32: %%asa-3-713902: group = 203.179.86.179, ip = 203.179.86.179, received encrypted oakley quick mode packet with invalid payloads, messid = 4241327105</P><P></P><P></P><P></P><P></P><P>Thanks,</P><P>Sridhar</P></TD></TR><TR style="height: 45.0pt;"><TD height="60" style="height: 45.0pt; width: 834pt;" width="1112"><BR /></TD></TR><TR style="height: 60.0pt;"><TD height="80" style="height: 60.0pt; width: 834pt;" width="1112"><TABLE border="0" cellpadding="0" cellspacing="0" style="width: 834pt;" width="1112"><TBODY></TBODY></TABLE></TD></TR></TBODY></TABLE> Mon, 11 Mar 2019 22:13:14 GMT https://community.cisco.com/t5/network-security/vpn-tunnel-issues/m-p/1839998#M488763 sridhar ch 2019-03-11T22:13:14Z https://community.cisco.com/t5/network-security/vpn-tunnel-issues/m-p/1839999#M488765 <HTML><HEAD></HEAD><BODY><P>Hello Sridhar,</P><P></P><P>You are bulding a site to site between these two locations on log </P><P> %%asa-4-113019 we can see that there is no crypto map policy found for that connection, so you will need to check the crypto map configuration on this ASA, check if it has the right policies for the Site to site with the other VPN endpoint.</P><P></P><P>Hope this helps.</P><P></P><P>Regards,</P><P></P><P>Julio</P></BODY></HTML> Sat, 21 Jan 2012 03:13:20 GMT https://community.cisco.com/t5/network-security/vpn-tunnel-issues/m-p/1839999#M488765 Julio Carvajal 2012-01-21T03:13:20Z https://community.cisco.com/t5/network-security/vpn-tunnel-issues/m-p/1840000#M488767 <HTML><HEAD></HEAD><BODY><P>the crypto map is very much configured. interestingly the FW is throwing this error message. the tunnel is up, when it is down i am getting this error message. Is this a bug in the IOS or something? how do i fix this?</P><P></P><P>Thanks,</P><P>Sridhar</P></BODY></HTML> Mon, 23 Jan 2012 14:52:22 GMT https://community.cisco.com/t5/network-security/vpn-tunnel-issues/m-p/1840000#M488767 sridhar ch 2012-01-23T14:52:22Z https://community.cisco.com/t5/network-security/vpn-tunnel-issues/m-p/1840001#M488769 <HTML><HEAD></HEAD><BODY><P>What version are you runnig, I do not think this is a bug, but I will&nbsp; research on this for you.</P><P></P><P>Regards,</P><P></P><P>Julio</P></BODY></HTML> Mon, 23 Jan 2012 20:44:53 GMT https://community.cisco.com/t5/network-security/vpn-tunnel-issues/m-p/1840001#M488769 Julio Carvajal 2012-01-23T20:44:53Z https://community.cisco.com/t5/network-security/vpn-tunnel-issues/m-p/1840002#M488771 <HTML><HEAD></HEAD><BODY><P>thanks a lot. please find the details.</P><P></P><P>Cisco Adaptive Security Appliance Software Version 8.2(1)</P><P>Device Manager Version 6.3(4)</P><P>System image file is "disk0:/asa821-k8.bin"</P></BODY></HTML> Tue, 24 Jan 2012 09:28:02 GMT https://community.cisco.com/t5/network-security/vpn-tunnel-issues/m-p/1840002#M488771 sridhar ch 2012-01-24T09:28:02Z