08-03-2007 07:54 AM - edited 03-11-2019 03:53 AM
Hi,
My vpn tunnel is not comming up and I am having the following error, which I donot understand.
Aug 03 16:41:41 [IKEv1]: Group = 80.5.93.129, IP = 80.5.93.129, Removing peer from correlator table failed, no match!
Aug 03 16:41:44 [IKEv1]: Group = 80.5.93.129, IP = 80.5.93.129, QM FSM error (P2 struct &0x3baf170, mess id 0xb8cae8a5)!
Aug 03 16:41:44 [IKEv1]: Group = 80.5.93.129, IP = 80.5.93.129, Removing peer from correlator table failed, no match!
Aug 03 16:41:50 [IKEv1]: Group = 80.5.93.129, IP = 80.5.93.129, QM FSM error (P2 struct &0x3baf170, mess id 0x83c03218)!
Aug 03 16:41:50 [IKEv1]: Group = 80.5.93.129, IP = 80.5.93.129, Removing peer from correlator table failed, no match!
this ip is my remote peer.
Regards
08-03-2007 09:41 AM
post the configs from both peers.
offhand, sounds like somewhere your peer statements aren't matching.
08-03-2007 11:17 AM
Here is my config.
access-list inside_nat0_outbound extended permit ip host 192.168.11.1 host PDS
access-list outside_70_cryptomap extended permit ip host 192.168.11.1 host PDS
access-list inside_nat_outbound extended permit ip object-group Listening host PDS
global (outside) 3 192.168.11.1 netmask 255.255.255.0
nat (inside) 3 access-list inside_nat_outbound
crypto map vpn 70 match address outside_70_cryptomap
crypto map vpn 70 set pfs
crypto map vpn 70 set peer 143.252.4.36
crypto map vpn 70 set transform-set ESP-3DES-SHA
crypto map vpn 70 set security-association lifetime seconds 3600
crypto isakmp policy 30
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto map vpn interface outside
crypto isakmp identity address
crypto isakmp enable outside
tunnel-group 143.252.4.36 type ipsec-l2l
tunnel-group 143.252.4.36 ipsec-attributes
pre-shared-key *
From: Rafiq, Mohammed [mailto:Mohammed.Rafiq@newsint.co.uk]
Sent: 03 August 2007 17:18
To: Hassan Daher
Subject: RE: change Req 214109 (VPN to TLC)
access-list internet_cryptomap_120 extended permit tcp host 10.10.126.140 host 192.168.11.1 eq www
nat (optfir) 0 access-list optfir_nat0_outbound
crypto ipsec transform-set ESP_3DES_SHA esp-3des esp-sha-hmac
crypto map Thus_map 120 match address internet_cryptomap_120
crypto map Thus_map 120 set pfs
crypto map Thus_map 120 set peer 80.5.93.129
crypto map Thus_map 120 set transform-set ESP-3DES-SHA
crypto map Thus_map 120 set security-association lifetime seconds 3600
crypto map Thus_map interface internet
isakmp enable internet
isakmp enable webcss
isakmp policy 30 authentication pre-share
isakmp policy 30 encryption 3des
isakmp policy 30 hash sha
isakmp policy 30 group 2
isakmp policy 30 lifetime 86400
tunnel-group 80.5.93.129 type ipsec-l2l
tunnel-group 80.5.93.129 ipsec-attributes
pre-shared-key *
08-04-2007 12:26 AM
Your match address statements does not match on both sides. One side is matching on IP and the other on TCP port 80.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide