VPN 3000 Client disonnects with this error

Unanswered Question
Jun 28th, 2007

I have clients VPN in with client Cisco VPN and they get dissconnected while working with this error:

QM FSM error (P2 struct &0xaaf71c8 mess id 0x8ce5a771)!

What does it mean ?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (3 ratings)
ggilbert Thu, 06/28/2007 - 03:59

Hello Levent,

QM FSM means - Quick Mode (Which is Phase 2 mode) Finite State Machine. Its just a general error message performed during any of the actions like entry, exit or input occurs.

Inorder to troubleshoot this problem, you need to enable the logs to HIGH and enable logging.

When this error happens again, you can send those logs. Look into the logs before this error message to see where the problem happens.

Also, if you have access to the headend device make sure to enable debugs. If it is a router or a firewall - deb cry isa & deb cry ipsec would be helpful. If you dont have access to it, then just the logs from the client can tell us a little bit about the error.



network_team Thu, 06/28/2007 - 04:19

Hi Thanks i have access to the VPN Concentrator the clients are connecting to and here are the logs. I have asked the client to configure the setting within the client VPN to log: Below are the logs from the VPN Concentrator:

[MHRA_Exec] User [olaiyav]IKE Initiator: Rekeying Phase 2 Intf 3 IKE Peer Proxy Address remote Proxy Address SA (ESP-3DES-MD5)

[MHRA_Exec] User [olaiyav]QM FSM error (P2 struct &0xaaf71c8 mess id 0x8ce5a771)!

[MHRA_Exec] User [olaiyav]Sending IKE Delete With Reason message: No Reason Provided.

[olaiyav] Group [MHRA_Exec] disconnected: Session Type: IPSec/NAT-T Duration: 0:57:32

Bytes xmt: 1530232 Bytes rcv: 1333072 Reason: Lost Service

ggilbert Thu, 06/28/2007 - 05:25

Can you please add the following Events on the concentrator for severities 1-13 for "Events to Log".

IKE, IKEDBG, IPSEC, IPSECDBG and do the test. Capture the client logs when you do this test and send them to me.

Seems like the reason we deleted that connection was because we lost contact with the client.



network_team Thu, 06/28/2007 - 05:43

Gilbert thanks for your help. I am confused how to configure severities 1-13. I have gone to event-general but not sure how to express what i need int he events list

ggilbert Thu, 06/28/2007 - 06:07

System | Events | Classes -

Click on ADD, choose the Event and choose the Severities to Log as 1-13



network_team Fri, 06/29/2007 - 05:56

Apologies i have found what you mean. I will gather the logs and get back to u


This Discussion