cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
699
Views
0
Helpful
3
Replies

Explanation of VPN Error!

Leo_Stobbe
Level 1
Level 1

Does anybody know what is the exact problem on VPN configuration ?

VPN between 3com and Cisco Firewall

I see the error on Cisco...

Everything checked on both side.

QM FSM error (P2 struct &0x3cddb20, mess id 0x698f179f)!

Removing peer from correlator table failed, no match!

3 Replies 3

spremkumar
Level 9
Level 9

Hi

This is what i could get from CCO..

%IKEDBG/97: QM FSM error (P2 struct %x, mess id %x)!

This event indicates an error has occurred within the phase 2 state machine.

Recommended Action: There is no specific action required. These events should only be enabled under the direction of the Cisco TAC.

Related documents- No specific documents apply to this error message.

http://www.ciscotaccc.com/kaidara-advisor/security/showcase?case=K91023423

http://www.ciscotaccc.com/kaidara-advisor/security/showcase?case=K74152394

regds

ajagadee
Cisco Employee
Cisco Employee

Leo,

Can you post the outputs of "Deb cry isa" and "Deb cry ipsec" from the Pix when you try to bring up the tunnel.

Looks like the tunnel is failing because, Phase 2 of the IPSEC tunnel is failing.

Check the transform set - Encryption, Hashing Algorithm, Match Address, Lifetimes, etc.

Regards,

Arul

** Please rate all helpful posts **

Dec 12 09:30:36 [IKEv1]: Group = x.x.x.x, IP = x.x.x.x, QM FSM error (P2 struct &0x3d678e0, mess id 0xf8c399f6)!

Dec 12 09:30:36 [IKEv1]: Group = x.x.x.x, IP = x.x.x.x, Removing peer from correlator table failed, no match!

%ASA-3-713119: Group = x.x.x.x, IP = x.x.x.x, PHASE 1 COMPLETED

%ASA-3-713902: Group = x.x.x.x, IP = x.x.x.x, QM FSM error (P2 struct &0x37e3f50, mess id 0x4ef0f623)!

%ASA-3-713902: Group = x.x.x.x, IP = x.x.x.x, Removing peer from correlator table failed, no match!