VPN 3000 Client disonnects with this error

Unanswered Question
Jun 28th, 2007
User Badges:

I have clients VPN in with client Cisco VPN and they get dissconnected while working with this error:

QM FSM error (P2 struct &0xaaf71c8 mess id 0x8ce5a771)!

What does it mean ?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (3 ratings)
ggilbert Thu, 06/28/2007 - 03:59
User Badges:
  • Cisco Employee,

Hello Levent,

QM FSM means - Quick Mode (Which is Phase 2 mode) Finite State Machine. Its just a general error message performed during any of the actions like entry, exit or input occurs.

Inorder to troubleshoot this problem, you need to enable the logs to HIGH and enable logging.

When this error happens again, you can send those logs. Look into the logs before this error message to see where the problem happens.

Also, if you have access to the headend device make sure to enable debugs. If it is a router or a firewall - deb cry isa & deb cry ipsec would be helpful. If you dont have access to it, then just the logs from the client can tell us a little bit about the error.



network_team Thu, 06/28/2007 - 04:19
User Badges:

Hi Thanks i have access to the VPN Concentrator the clients are connecting to and here are the logs. I have asked the client to configure the setting within the client VPN to log: Below are the logs from the VPN Concentrator:

[MHRA_Exec] User [olaiyav]IKE Initiator: Rekeying Phase 2 Intf 3 IKE Peer Proxy Address remote Proxy Address SA (ESP-3DES-MD5)

[MHRA_Exec] User [olaiyav]QM FSM error (P2 struct &0xaaf71c8 mess id 0x8ce5a771)!

[MHRA_Exec] User [olaiyav]Sending IKE Delete With Reason message: No Reason Provided.

[olaiyav] Group [MHRA_Exec] disconnected: Session Type: IPSec/NAT-T Duration: 0:57:32

Bytes xmt: 1530232 Bytes rcv: 1333072 Reason: Lost Service

ggilbert Thu, 06/28/2007 - 05:25
User Badges:
  • Cisco Employee,

Can you please add the following Events on the concentrator for severities 1-13 for "Events to Log".

IKE, IKEDBG, IPSEC, IPSECDBG and do the test. Capture the client logs when you do this test and send them to me.

Seems like the reason we deleted that connection was because we lost contact with the client.



network_team Thu, 06/28/2007 - 05:43
User Badges:

Gilbert thanks for your help. I am confused how to configure severities 1-13. I have gone to event-general but not sure how to express what i need int he events list

ggilbert Thu, 06/28/2007 - 06:07
User Badges:
  • Cisco Employee,

System | Events | Classes -

Click on ADD, choose the Event and choose the Severities to Log as 1-13



network_team Fri, 06/29/2007 - 05:56
User Badges:

Apologies i have found what you mean. I will gather the logs and get back to u


This Discussion