12-17-2003 01:17 AM - edited 02-21-2020 12:58 PM
Dears,
I have a problem when using the Cisco VPN client to connect to a Cisco 3000 concentrator using L2TP/IPsec.
I receive the following error.
I know where the error is in the log file, but I cannot do anything to resolve it.
I will mark the log in red.
Can anyone help me?
IP address of public interface: 100.100.100.100
Client IP address: 100.100.100.100.105
Concentrator configuration:
IKE: IKE-3DES-MD5-RSA
SA: ESP-L2TP-TRANSPORT
Group name: tamseel
User: cert_user
Using certificate
Not NATing
-----------------------------------------------------------
concentrator log for the connection
10330 12/10/2003 14:31:20.710 SEV=5 IKE/21 RPT=415 100.100.100.105
No Group found by matching IP Address of Cert peer 100.100.100.105
10331 12/10/2003 14:31:20.710 SEV=5 CERT/106 RPT=24
Group not found for cert peer 100.100.100.105 using group matching rules
10332 12/10/2003 14:31:20.710 SEV=5 IKE/20 RPT=402 100.100.100.105
No Group found by matching OU(s) from ID payload:
Unknown
10333 12/10/2003 14:31:20.960 SEV=5 IKE/79 RPT=411 100.100.100.105
Group [tamseel]
Validation of certificate successful
(CN=tradews205, SN=1EDE62EC00000000000A)
10335 12/10/2003 14:31:27.960 SEV=3 AUTH/5 RPT=42 100.100.100.105
Authentication rejected: Reason = Invalid password
handle = 559, server = Internal, user = cert_user, domain = <not specified>
10337 12/10/2003 14:31:38.060 SEV=4 IKE/52 RPT=35 100.100.100.105
Group [tamseel] User [cert_user]
User (cert_user) authenticated.
10338 12/10/2003 14:31:38.140 SEV=5 IKE/184 RPT=35 100.100.100.105
Group [tamseel] User [cert_user]
Client OS: N/A
Client Application Version: 3.5.4 (Rel)
10340 12/10/2003 14:31:39.200 SEV=4 IKE/119 RPT=383 100.100.100.105
Group [tamseel] User [cert_user]
PHASE 1 COMPLETED
10341 12/10/2003 14:31:39.210 SEV=5 IKE/25 RPT=388 100.100.100.105
Group [tamseel] User [cert_user]
Received remote Proxy Host data in ID Payload:
Address 172.16.2.100, Protocol 0, Port 0
10344 12/10/2003 14:31:39.210 SEV=5 IKE/24 RPT=382 100.100.100.105
Group [tamseel] User [cert_user]
Received local Proxy Host data in ID Payload:
Address 100.100.100.100, Protocol 0, Port 0
10347 12/10/2003 14:31:39.210 SEV=4 IKE/1 RPT=370 100.100.100.105
Group [tamseel] User [cert_user]
Received invalid phase 2 L2TP/IPSec Responder ID payload
Expected ID: Type 1, Proto 17, Port 1701, Addr 100.100.100.100
Received ID: Type 1, Proto 0, Port 0, Addr 100.100.100.100
10351 12/10/2003 14:31:39.210 SEV=4 IKEDBG/0 RPT=372
QM FSM error (P2 struct &0x355fba8, mess id 0x90bcbbd1)!
10352 12/10/2003 14:31:39.210 SEV=4 IKEDBG/65 RPT=489 100.100.100.105
Group [tamseel] User [cert_user]
IKE QM Responder FSM error history (struct &0x355fba8)
<state>, <event>:
QM_DONE, EV_ERROR
QM_BLD_MSG2, EV_NEGO_SA
QM_BLD_MSG2, EV_IS_REKEY
QM_BLD_MSG2, EV_CONFIRM_SA
12-23-2003 08:50 AM
QM FSM stands for Quick Mode Finite State Machine. The encryption process consists of a series of such "finite state machines" and each FSM accepts input from the previous FSM. The QM FSM error is not sufficient to put a finger on the exact problem. You could recheck your configuration and also look for bugs that might be causing this problem. However, another possibility exists if you upgraded your VPN client recently. We started getting similar messages soon after we upgraded but they went away after the first reload. If your VPN is getting established, I guess you could safely ignore the messages.
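Added example, not part of the original thread or any Cisco tooling: a small Python parser for the concentrator log format shown in the question. It groups lines into events and, for any event carrying both an "Expected ID" and a "Received ID" line, reports which fields differ (Proto 17 is UDP and port 1701 is the L2TP port). The function names and regexes are assumptions based only on the lines visible above.

```python
import re

# Event header as seen in the log above: seq, date, time, SEV, class/number, RPT, optional peer IP
HEADER = re.compile(r"^(?P<seq>\d+) (?P<date>\d\d/\d\d/\d{4}) (?P<time>[\d:.]+) "
                    r"SEV=(?P<sev>\d+) (?P<event>[A-Z]+/\d+) RPT=\d+(?: (?P<peer>\S+))?$")
ID_LINE = re.compile(r"^(?P<side>Expected|Received) ID: Type (?P<Type>\d+), "
                     r"Proto (?P<Proto>\d+), Port (?P<Port>\d+), Addr (?P<Addr>\S+)$")

def parse_events(text):
    """Group each header line with its continuation lines into one event dict."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        m = HEADER.match(line)
        if m:
            events.append({**m.groupdict(), "body": []})
        elif line and events:
            events[-1]["body"].append(line)
    return events

def phase2_id_mismatches(events):
    """For events with Expected/Received ID lines, list the fields that differ."""
    findings = []
    for ev in events:
        ids = {}
        for line in ev["body"]:
            m = ID_LINE.match(line)
            if m:
                ids[m["side"]] = {k: m[k] for k in ("Type", "Proto", "Port", "Addr")}
        if len(ids) == 2:
            exp, rec = ids["Expected"], ids["Received"]
            diff = {k: (exp[k], rec[k]) for k in exp if exp[k] != rec[k]}
            findings.append({"seq": ev["seq"], "event": ev["event"],
                             "peer": ev["peer"], "diff": diff})
    return findings

# Sample input: lines copied from the log in the question
SAMPLE = """\
10347 12/10/2003 14:31:39.210 SEV=4 IKE/1 RPT=370 100.100.100.105
Group [tamseel] User [cert_user]
Received invalid phase 2 L2TP/IPSec Responder ID payload
Expected ID: Type 1, Proto 17, Port 1701, Addr 100.100.100.100
Received ID: Type 1, Proto 0, Port 0, Addr 100.100.100.100
10351 12/10/2003 14:31:39.210 SEV=4 IKEDBG/0 RPT=372
QM FSM error (P2 struct &0x355fba8, mess id 0x90bcbbd1)!
"""

for finding in phase2_id_mismatches(parse_events(SAMPLE)):
    print(finding)
```

On the sample it reports that only Proto and Port differ (17/1701 expected, 0/0 received), while Type and Addr match.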