VPN problem between two ASAs after upgrading to 8.0

Unanswered Question
Oct 7th, 2007
User Badges:


After upgrading my asa devices (2*5510 and 5505) I started to getting odd messages which relate to lan-to-lan connection between these:

Oct 8 03:18:15 stasa1 %ASA-3-713227: IP = A.B.C.D, Rejecting new IPSec SA negotiation for peer D.C.B.A. A negotiation was already in progress for local

Proxy, remote Proxy

Oct 8 03:18:15 stasa1 %ASA-3-713902: Group = A.B.C.D, IP = A.B.C.D, QM FSM error (P2 struct &0xd8c23fc8, mess id 0x132546bb)!

Oct 8 03:18:15 stasa1 %ASA-3-713902: Group = A.B.C.D, IP = A.B.C.D, Removing peer from correlator table failed, no match!

At same time, users complain that their connections were reset. I think that there were no problems when we were running 7.2.

I wonder if there is something in the configuration I'll have to change after upgrade ?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
ciscovertis Tue, 12/04/2007 - 06:11
User Badges:


We get the same errors after upgrading asa to 8.0(3) and asdm 6.0(3). Did you already solve the problemen?

AriSuutari Tue, 12/04/2007 - 22:16
User Badges:

Yes. We have two ASA boxes as fault tolerant pair. The solution was to power off both boxes at same time. After that, the problem was gone.


This Discussion