Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
996
Views
15
Helpful
7
Replies

VPN 3000 Client disonnects with this error

network_team
Level 1
Level 1

‎06-28-2007 03:44 AM - edited ‎02-21-2020 01:35 AM

I have clients VPN in with 4.8.00.0440 client Cisco VPN and they get dissconnected while working with this error:

QM FSM error (P2 struct &0xaaf71c8 mess id 0x8ce5a771)!

What does it mean ?

0 Helpful
7 Replies 7

ggilbert
Cisco Employee
Cisco Employee

‎06-28-2007 03:59 AM

Hello Levent,

QM FSM means - Quick Mode (Which is Phase 2 mode) Finite State Machine. Its just a general error message performed during any of the actions like entry, exit or input occurs.

Inorder to troubleshoot this problem, you need to enable the logs to HIGH and enable logging.

When this error happens again, you can send those logs. Look into the logs before this error message to see where the problem happens.

Also, if you have access to the headend device make sure to enable debugs. If it is a router or a firewall - deb cry isa & deb cry ipsec would be helpful. If you dont have access to it, then just the logs from the client can tell us a little bit about the error.

Thanks

Gilbert

network_team
Level 1
Level 1
In response to ggilbert

‎06-28-2007 04:19 AM

Hi Thanks i have access to the VPN Concentrator the clients are connecting to and here are the logs. I have asked the client to configure the setting within the client VPN to log: Below are the logs from the VPN Concentrator:

[MHRA_Exec] User [olaiyav]IKE Initiator: Rekeying Phase 2 Intf 3 IKE Peer

86.140.119.63local Proxy Address 0.0.0.0 remote Proxy Address 192.168.250.6 SA (ESP-3DES-MD5)

[MHRA_Exec] User [olaiyav]QM FSM error (P2 struct &0xaaf71c8 mess id 0x8ce5a771)!

[MHRA_Exec] User [olaiyav]Sending IKE Delete With Reason message: No Reason Provided.

[olaiyav] Group [MHRA_Exec] disconnected: Session Type: IPSec/NAT-T Duration: 0:57:32

Bytes xmt: 1530232 Bytes rcv: 1333072 Reason: Lost Service

0 Helpful

ggilbert
Cisco Employee
Cisco Employee
In response to network_team

‎06-28-2007 05:25 AM

Can you please add the following Events on the concentrator for severities 1-13 for "Events to Log".

IKE, IKEDBG, IPSEC, IPSECDBG and do the test. Capture the client logs when you do this test and send them to me.

Seems like the reason we deleted that connection was because we lost contact with the client.

Thanks

Gilbert

network_team
Level 1
Level 1
In response to ggilbert

‎06-28-2007 05:43 AM

Gilbert thanks for your help. I am confused how to configure severities 1-13. I have gone to event-general but not sure how to express what i need int he events list

0 Helpful

ggilbert
Cisco Employee
Cisco Employee
In response to network_team

‎06-28-2007 06:07 AM

System | Events | Classes -

Click on ADD, choose the Event and choose the Severities to Log as 1-13

Thanks

Gilbert

network_team
Level 1
Level 1
In response to ggilbert

‎06-28-2007 11:32 PM

I only have option 1-5

0 Helpful

network_team
Level 1
Level 1
In response to network_team

‎06-29-2007 05:56 AM

Apologies i have found what you mean. I will gather the logs and get back to u

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card