S2S VPN Error

Unanswered Question
May 21st, 2008
User Badges:

My customer is trying to establish a VPN connection from his network to our network.


However, the VPN connection cannot be established. Following is the error:


2008-05-20 15:16:22 Local4.Error yy.yy.yy.yy %ASA-3-713119: Group = xx.xx.xx.xx, IP = xx.xx.xx.xx, PHASE 1 COMPLETED

2008-05-20 15:16:22 Local4.Notice yy.yy.yy.yy %ASA-5-713904: Group = xx.xx.xx.xx, IP = xx.xx.xx.xx, All IPSec SA proposals found unacceptable!

2008-05-20 15:16:22 Local4.Error yy.yy.yy.yy %ASA-3-713902: Group = xx.xx.xx.xx, IP = xx.xx.xx.xx, QM FSM error (P2 struct &0xd5a88fe0, mess id 0x6848403d)!

2008-05-20 15:16:22 Local4.Error yy.yy.yy.yy %ASA-3-713902: Group = xx.xx.xx.xx, IP = xx.xx.xx.xx, Removing peer from correlator table failed, no match!

2008-05-20 15:16:22 Local4.Warning yy.yy.yy.yy %ASA-4-113019: Group = xx.xx.xx.xx, Username = xx.xx.xx.xx, IP = xx.xx.xx.xx, Session disconnected. Session Type: IKE, Duration: 0h:00m:00s, Bytes xmt: 0, Bytes rcv: 0, Reason: Phase 2 Mismatch



How can I find out what may go wrong?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
shmathur Wed, 05/21/2008 - 02:48
User Badges:

Please look at Phase 2 IPSEC policy settings on both the VPN gateway in questions, like transform-set, PFS (enabled or disabled) and crypto ACL. All these parameters should exactly match on both the VPN endpoints.


Hope it helps.


Regards

limlayhin Thu, 05/22/2008 - 02:26
User Badges:

I had checked all of the aboves but problem still remains.

shmathur Thu, 05/22/2008 - 04:18
User Badges:

Could you please attach the sh run output here?


Thanks

Actions

This Discussion