cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

18688
Views
0
Helpful
1
Replies
Highlighted
Beginner

ASA VPN error: removing peer from correlator table failed, no match!

user got disconnected and no luck in reconnecting back until 10 minutes later, 

ASA    syslog shows :  removing peer from correlator table failed, no match!

googled the error message, "Most Common L2L and Remote Access IPsec VPN Troubleshooting Solutions" mention this:

VPN tunnel fails to come up after moving configuration from PIX to ASA using the PIX/ASA configuration migration tool; these messages appear in the log:

[IKEv1]: Group = x.x.x.x, IP = x.x.x.x, Stale PeerTblEntry found, removing! [IKEv1]: Group = x.x.x.x, IP = x.x.x.x, Removing peer from correlator table failed, no match! [IKEv1]: Group = x.x.x.x, IP = x.x.x.x, construct_ipsec_delete(): No SPI to identify Phase 2 SA! [IKEv1]: Group = x.x.x.x, IP = x.x.x.x, Removing peer from correlator table failed, no match!

This issue happens since PIX by default is set to identify the connection as hostname where the ASA identifies as IP. In order to resolve this issue, use the crypto isakmp identity command in global configuration mode as shown below:

crypto isakmp identity hostname

my question is:       

1. why the user got disconnected and was able to reconnect back in 10 minutes without any modification being done on ASA?

2. what does the log error mean? if similar issue happens again, should we take action at all?

thanks.

Everyone's tags (8)
1 REPLY 1
Beginner

Hi,I am facing the same

Hi,

I am facing the same problem with my ASA firewall, this message appears every second - "unable to remove peer from the correlator table" and QM FSM error...

Need help.

Thanks

Rahul Verma

CreatePlease to create content
Content for Community-Ad
July's Community Spotlight Awards