on 09-25-2011 03:29 AM
Sep 25 10:26:51 [IKEv1]: Group = 10.1.1.1, IP = 10.1.1.1, QM FSM error (P2 struc
t &0xad1df968, mess id 0xa2433a87)!
Sep 25 10:26:51 [IKEv1]: Group = 10.1.1.1, IP = 10.1.1.1, Removing peer from cor
relator table failed, no match!
Sep 25 10:26:51 [IKEv1]: Group = 10.1.1.1, IP = 10.1.1.1, Session is being torn
down. Reason: Phase 2 Mismatch
ASA5510# show ip address
System IP Addresses:
Interface Name IP address Subnet mask
Method
Ethernet0/1 inside 10.1.2.1 255.255.255.0
CONFIG
Ethernet0/2 outside 10.1.1.2 255.255.255.0
CONFIG
Management0/0 Management 192.168.1.1 255.255.255.0
CONFIG
Current IP Addresses:
Interface Name IP address Subnet mask
Method
Ethernet0/1 inside 10.1.2.1 255.255.255.0
CONFIG
Ethernet0/2 outside 10.1.1.2 255.255.255.0
CONFIG
Management0/0 Management 192.168.1.1 255.255.255.0
CONFIG
ASA5510#
ASA5510# show conf
ASA5510# show configuration
: Saved
: Written by enable_15 at 05:21:31.339 UTC Sun Sep 25 2011
!
ASA Version 8.2(2)
!
hostname ASA5510
domain-name cisco.com
enable password 2KFQnbNIdI.2KYOU encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Ethernet0/0
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet0/1
nameif inside
security-level 100
ip address 10.1.2.1 255.255.255.0
!
interface Ethernet0/2
nameif outside
security-level 0
ip address 10.1.1.2 255.255.255.0
!
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
nameif Management
security-level 0
ip address 192.168.1.1 255.255.255.0
!
ftp mode passive
dns server-group DefaultDNS
domain-name cisco.com
access-list 100 extended permit ip any any
access-list outside_1_cryptomap extended permit ip 192.168.0.0 255.255.255.0 192
.168.30.0 255.255.255.0
pager lines 24
mtu inside 1500
mtu outside 1500
mtu Management 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
nat-control
static (inside,outside) 192.168.10.0 192.168.10.0 netmask 255.255.255.0
static (inside,outside) 192.168.20.0 192.168.20.0 netmask 255.255.255.0
access-group 100 in interface outside
route inside 192.168.10.0 255.255.255.0 10.1.2.2 1
route inside 192.168.20.0 255.255.255.0 10.1.2.2 1
route outside 192.168.30.0 255.255.255.0 10.1.1.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.1.1 255.255.255.255 inside
http 192.168.1.0 255.255.255.0 Management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP_DES-SHA esp-des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set peer 10.1.1.1
crypto map outside_map 1 set transform-set ESP_DES-SHA
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption des
hash sha
group 2
lifetime 28800
telnet timeout 5
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
enable outside
group-policy franchise internal
group-policy franchise attributes
vpn-tunnel-protocol webvpn
webvpn
url-list none
username franchise password Xa01d5ksWx/8sm8t encrypted privilege 0
username franchise attributes
vpn-group-policy franchise
username cisco password 3USUcOPFUiMCO4Jk encrypted
tunnel-group 10.1.1.1 type ipsec-l2l
tunnel-group 10.1.1.1 ipsec-attributes
pre-shared-key *
tunnel-group franchise type remote-access
tunnel-group franchise general-attributes
default-group-policy franchise
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect ip-options
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
!
service-policy global_policy global
prompt hostname context
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DD
CEService
destination address email callhome@cisco.com
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:8065937fff81634e958850d7eeb2a6be
ASA5510#
RV120W的配置
IPsec Policies
IKE Policies Table
Name Mode Local IP Remote IP Encryption Authentication DH
Franchise Main 10.1.1.1 10.1.1.2 DES SHA-1 Group 2 (1024 bit)
VPN Policies Table
Status Name Type Local Remote Authentication Encryption
Enabled Franchise Auto Policy 192.168.30.0 / 255.255.255.0 192.168.0.0 / 255.255.255.0 SHA-1 DES
Selected IKE Policy View
General
Policy Name: Franchise
Direction / Type Both
Exchange Mode: Main
Enable XAUTH Client: None
Local Identification
Identifier Type: Local Wan IP
Local Wan IP: 10.1.1.1
Peer IKE Identification
Identifier Type: Remote Wan IP
Local Wan IP: 10.1.1.2
IKE SA Parameters
Encryption Algorithm: DES
Authentication Algorithm: SHA-1
Authentication Method: Pre-shared key
Pre-Shared Key: franchise
Diffie-Hellman (DH) Group: 2
SA-Lifetime: 28800 Seconds
Sep 25 10:26:51 [IKEv1]: Group = 10.1.1.1, IP = 10.1.1.1, QM FSM error (P2 struc
t &0xad1df968, mess id 0xa2433a87)!
Sep 25 10:26:51 [IKEv1]: Group = 10.1.1.1, IP = 10.1.1.1, Removing peer from cor
relator table failed, no match!
Sep 25 10:26:51 [IKEv1]: Group = 10.1.1.1, IP = 10.1.1.1, Session is being torn
down. Reason: Phase 2 Mismatch
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: