error VPN between pix 515 ASA v. 7.2.(2) and pix 501 v. 6.3(5)

Unanswered Question
Jun 21st, 2007
User Badges:

I have configured a vpn between the two pixs, but the vpn doesnt work.


I have this message on the pix 515


3|Jun 13 2007|07:07:06|713902|||Group = 172.22.40.2, IP = 172.22.40.2, Removing peer from correlator table failed, no match!

3|Jun 13 2007|07:07:06|713902|||Group = 172.22.40.2, IP = 172.22.40.2, QM FSM error (P2 struct &0x2ce8100, mess id 0x14444cd5)!

5|Jun 13 2007|07:07:06|713904|||Group = 172.22.40.2, IP = 172.22.40.2, All IPSec SA proposals found unacceptable!

3|Jun 13 2007|07:07:06|713119|||Group = 172.22.40.2, IP = 172.22.40.2, PHASE 1 COMPLETED

6|Jun 13 2007|07:07:06|113009|||AAA retrieved default group policy (DfltGrpPolicy) for user = 172.22.40.2

4|Jun 13 2007|07:07:06|713903|||Group = 172.22.40.2, IP = 172.22.40.2, Freeing previously allocated memory for authorization-dn-attributes


do you have any ideas ?


thanks



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
srue Thu, 06/21/2007 - 05:03
User Badges:
  • Blue, 1500 points or more

on the 515 enter:

no crypto map outside_map 20 set transform-set ESP-DES-MD5

crypto map outside_map 20 set transform-set ESP-3DES-MD5

clear crypto ipsec sa

clear isa sa


that should do it i think.


the relevent error is:

5|Jun 13 2007|07:07:06|713904|||Group = 172.22.40.2, IP = 172.22.40.2, All IPSec SA proposals found unacceptable!


this means your IPSec SA proposals don't match basically. your 501 is using 3des/md5, and your 515 was configured for des/md5.


Actions

This Discussion