05-21-2008 02:02 AM - edited 02-21-2020 03:44 PM
My customer is trying to establish a VPN connection from his network to our network.
However, the VPN connection cannot be established. Following is the error:
2008-05-20 15:16:22 Local4.Error yy.yy.yy.yy %ASA-3-713119: Group = xx.xx.xx.xx, IP = xx.xx.xx.xx, PHASE 1 COMPLETED
2008-05-20 15:16:22 Local4.Notice yy.yy.yy.yy %ASA-5-713904: Group = xx.xx.xx.xx, IP = xx.xx.xx.xx, All IPSec SA proposals found unacceptable!
2008-05-20 15:16:22 Local4.Error yy.yy.yy.yy %ASA-3-713902: Group = xx.xx.xx.xx, IP = xx.xx.xx.xx, QM FSM error (P2 struct &0xd5a88fe0, mess id 0x6848403d)!
2008-05-20 15:16:22 Local4.Error yy.yy.yy.yy %ASA-3-713902: Group = xx.xx.xx.xx, IP = xx.xx.xx.xx, Removing peer from correlator table failed, no match!
2008-05-20 15:16:22 Local4.Warning yy.yy.yy.yy %ASA-4-113019: Group = xx.xx.xx.xx, Username = xx.xx.xx.xx, IP = xx.xx.xx.xx, Session disconnected. Session Type: IKE, Duration: 0h:00m:00s, Bytes xmt: 0, Bytes rcv: 0, Reason: Phase 2 Mismatch
How can I find out what may go wrong?
05-21-2008 02:48 AM
Please look at Phase 2 IPSEC policy settings on both the VPN gateway in questions, like transform-set, PFS (enabled or disabled) and crypto ACL. All these parameters should exactly match on both the VPN endpoints.
Hope it helps.
Regards
05-22-2008 02:26 AM
I had checked all of the aboves but problem still remains.
05-22-2008 04:18 AM
Could you please attach the sh run output here?
Thanks
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide