Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1747
Views
0
Helpful
1
Replies

QM FSM error

k.adath2015
Level 1
Level 1

‎12-23-2016 03:36 AM - edited ‎03-12-2019 01:42 AM

Hi,

I am getting the contious error message firewall log

Group = 1.1.1.1, IP = 1.1.1.1, Removing peer from correlator table failed, no match!
Group = 1.1.1.1, IP = 1.1.1.1, QM FSM error (P2 struct &0x00007ffeddc38a30, mess id 0x2)!
Group = 1.1.1.1, IP = 1.1.1.1, Rejecting IPSec tunnel: no matching crypto map entry for remote proxy 172.16.10.0/255.255.0.0/0/0 local proxy 192.168.10.0/255.255.255.0/0/0 on interface Outside

Please help 

Labels:
0 Helpful
1 Reply 1

Rahul Govindan
VIP Alumni
VIP Alumni

‎12-23-2016 07:27 AM

Looks like there is another device negotiating an IPsec tunnel with your ASA. Your ASA is probably not configured for it and drops the transaction as it cannot find matching entry. If you are expecting an IPsec tunnel to be terminated on the ASA, then either your or remote device is wrongly configured for IPsec.

Capture traffic on your outbound/outside interface for udp 500 traffic to determine which device is sending the request.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card