05-12-2011 01:15 PM
I have one side of the config available to me, but the problem we are having is an error that continues to pop up:
May 12 03:49:36 [IKEv1]: Group = 163.164.224.23, IP = 163.164.224.23, QM FSM error (P2 struct &0xc95963a0, mess id 0xedb82b5d)!
May 12 03:49:36 [IKEv1]: Group = 163.164.224.23, IP = 163.164.224.23, Removing peer from correlator table failed, no match!
We are not running PFS, and since we both have ASA, we have the identity set to the IP addresses.
We've also cleared out the crypto isakmp sa then tried to bring up the connection.
We are also only doing static peers so this is not the issue either.
The only other thing we can confirm is that neither one of us can figure this out.
Any thoughts on where to start? We've been through our configs several time and we don't see a difference.
The only thing different between us is that I have an ASA 5505 and he has an ASA 5510.
We have it configured for one customer, while they have multiple customer's on theirs.
Any advice would be most appreciated.
Also, if you require the configuration, please let me know and I will attach it to the post.
Thank you
05-12-2011 01:30 PM
Hi,
Please post the configuration on both sites.
Toshi
05-12-2011 01:40 PM
Hi
One possible reason is the proxy identities, such as interesting traffic, access control list (ACL) or crypto ACL, do not match on both the ends. Check the configuration on both the devices, and make sure that the crypto ACLs match.
Another possible reason is mismatching of the transform set parameters. Make sure that at both ends, VPN gateways use the same transform set with the exact same parameters.
Regards
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide