11-09-2010 06:00 AM - edited 02-21-2020 04:57 PM
Hi,
I've tried to set up a new Site to Site VPN on a ASA5505 where there was already a Remote Access VPN on it.
After adding the new configuration lines I got the follwoing message when I debug:
Nov 04 07:06:06 [IKEv1]: Group = <OUTSIDE IP ADDRESS OF OTHER SIDE TUNNEL>, IP = <OUTSIDE IP ADDRESS OF OTHER SIDE TUNNEL>, QM FSM error (P2 struct &0xd91a4d10, mess id 0xeac05ec0)!
Nov 04 07:04:36 [IKEv1]: Group = <OUTSIDE IP ADDRESS OF OTHER SIDE TUNNEL>, IP = <OUTSIDE IP ADDRESS OF OTHER SIDE TUNNEL>, Removing peer from correlator table failed, no match!
Does anybody know what is wrong? And what to change in the config?
Thanks in advance,
Ruben
Solved! Go to Solution.
11-09-2010 07:22 AM
Hi,
If the ASA had a Remote Access VPN and you're adding a new Site-to-Site you need to make sure that the priority for the crypto map is lower for the new added Site-to-Site.This is because otherwise the traffic will always try to match the remote-access tunnel.You can verify this with the command ''sh run cry map''
Federico.
11-09-2010 07:22 AM
Hi,
If the ASA had a Remote Access VPN and you're adding a new Site-to-Site you need to make sure that the priority for the crypto map is lower for the new added Site-to-Site.This is because otherwise the traffic will always try to match the remote-access tunnel.You can verify this with the command ''sh run cry map''
Federico.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide