11-09-2010 06:00 AM - edited 02-21-2020 04:57 PM
Hi,
I've tried to set up a new Site to Site VPN on a ASA5505 where there was already a Remote Access VPN on it.
After adding the new configuration lines I got the follwoing message when I debug:
Nov 04 07:06:06 [IKEv1]: Group = <OUTSIDE IP ADDRESS OF OTHER SIDE TUNNEL>, IP = <OUTSIDE IP ADDRESS OF OTHER SIDE TUNNEL>, QM FSM error (P2 struct &0xd91a4d10, mess id 0xeac05ec0)!
Nov 04 07:04:36 [IKEv1]: Group = <OUTSIDE IP ADDRESS OF OTHER SIDE TUNNEL>, IP = <OUTSIDE IP ADDRESS OF OTHER SIDE TUNNEL>, Removing peer from correlator table failed, no match!
Does anybody know what is wrong? And what to change in the config?
Thanks in advance,
Ruben
Solved! Go to Solution.
11-09-2010 07:22 AM
Hi,
If the ASA had a Remote Access VPN and you're adding a new Site-to-Site you need to make sure that the priority for the crypto map is lower for the new added Site-to-Site.This is because otherwise the traffic will always try to match the remote-access tunnel.You can verify this with the command ''sh run cry map''
Federico.
11-09-2010 07:22 AM
Hi,
If the ASA had a Remote Access VPN and you're adding a new Site-to-Site you need to make sure that the priority for the crypto map is lower for the new added Site-to-Site.This is because otherwise the traffic will always try to match the remote-access tunnel.You can verify this with the command ''sh run cry map''
Federico.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: