06-21-2007 04:24 AM
I have configured a vpn between the two pixs, but the vpn doesnt work.
I have this message on the pix 515
3|Jun 13 2007|07:07:06|713902|||Group = 172.22.40.2, IP = 172.22.40.2, Removing peer from correlator table failed, no match!
3|Jun 13 2007|07:07:06|713902|||Group = 172.22.40.2, IP = 172.22.40.2, QM FSM error (P2 struct &0x2ce8100, mess id 0x14444cd5)!
5|Jun 13 2007|07:07:06|713904|||Group = 172.22.40.2, IP = 172.22.40.2, All IPSec SA proposals found unacceptable!
3|Jun 13 2007|07:07:06|713119|||Group = 172.22.40.2, IP = 172.22.40.2, PHASE 1 COMPLETED
6|Jun 13 2007|07:07:06|113009|||AAA retrieved default group policy (DfltGrpPolicy) for user = 172.22.40.2
4|Jun 13 2007|07:07:06|713903|||Group = 172.22.40.2, IP = 172.22.40.2, Freeing previously allocated memory for authorization-dn-attributes
do you have any ideas ?
thanks
06-21-2007 05:03 AM
on the 515 enter:
no crypto map outside_map 20 set transform-set ESP-DES-MD5
crypto map outside_map 20 set transform-set ESP-3DES-MD5
clear crypto ipsec sa
clear isa sa
that should do it i think.
the relevent error is:
5|Jun 13 2007|07:07:06|713904|||Group = 172.22.40.2, IP = 172.22.40.2, All IPSec SA proposals found unacceptable!
this means your IPSec SA proposals don't match basically. your 501 is using 3des/md5, and your 515 was configured for des/md5.
06-21-2007 07:28 AM
yet it's ok
thanks for your help
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide