error VPN between pix 515 ASA v. 7.2.(2) and pix 501 v. 6.3(5)

kmikamines · ‎06-21-2007

I have configured a vpn between the two pixs, but the vpn doesnt work.

I have this message on the pix 515

3|Jun 13 2007|07:07:06|713902|||Group = 172.22.40.2, IP = 172.22.40.2, Removing peer from correlator table failed, no match!

3|Jun 13 2007|07:07:06|713902|||Group = 172.22.40.2, IP = 172.22.40.2, QM FSM error (P2 struct &0x2ce8100, mess id 0x14444cd5)!

5|Jun 13 2007|07:07:06|713904|||Group = 172.22.40.2, IP = 172.22.40.2, All IPSec SA proposals found unacceptable!

3|Jun 13 2007|07:07:06|713119|||Group = 172.22.40.2, IP = 172.22.40.2, PHASE 1 COMPLETED

6|Jun 13 2007|07:07:06|113009|||AAA retrieved default group policy (DfltGrpPolicy) for user = 172.22.40.2

4|Jun 13 2007|07:07:06|713903|||Group = 172.22.40.2, IP = 172.22.40.2, Freeing previously allocated memory for authorization-dn-attributes

do you have any ideas ?

thanks

srue · ‎06-21-2007

on the 515 enter:

no crypto map outside_map 20 set transform-set ESP-DES-MD5

crypto map outside_map 20 set transform-set ESP-3DES-MD5

clear crypto ipsec sa

clear isa sa

that should do it i think.

the relevent error is:

5|Jun 13 2007|07:07:06|713904|||Group = 172.22.40.2, IP = 172.22.40.2, All IPSec SA proposals found unacceptable!

this means your IPSec SA proposals don't match basically. your 501 is using 3des/md5, and your 515 was configured for des/md5.

kmikamines · ‎06-21-2007

yet it's ok

thanks for your help