S2S VPN Error

limlayhin · ‎05-21-2008

My customer is trying to establish a VPN connection from his network to our network.

However, the VPN connection cannot be established. Following is the error:

2008-05-20 15:16:22 Local4.Error yy.yy.yy.yy %ASA-3-713119: Group = xx.xx.xx.xx, IP = xx.xx.xx.xx, PHASE 1 COMPLETED

2008-05-20 15:16:22 Local4.Notice yy.yy.yy.yy %ASA-5-713904: Group = xx.xx.xx.xx, IP = xx.xx.xx.xx, All IPSec SA proposals found unacceptable!

2008-05-20 15:16:22 Local4.Error yy.yy.yy.yy %ASA-3-713902: Group = xx.xx.xx.xx, IP = xx.xx.xx.xx, QM FSM error (P2 struct &0xd5a88fe0, mess id 0x6848403d)!

2008-05-20 15:16:22 Local4.Error yy.yy.yy.yy %ASA-3-713902: Group = xx.xx.xx.xx, IP = xx.xx.xx.xx, Removing peer from correlator table failed, no match!

2008-05-20 15:16:22 Local4.Warning yy.yy.yy.yy %ASA-4-113019: Group = xx.xx.xx.xx, Username = xx.xx.xx.xx, IP = xx.xx.xx.xx, Session disconnected. Session Type: IKE, Duration: 0h:00m:00s, Bytes xmt: 0, Bytes rcv: 0, Reason: Phase 2 Mismatch

How can I find out what may go wrong?

shmathur · ‎05-21-2008

Please look at Phase 2 IPSEC policy settings on both the VPN gateway in questions, like transform-set, PFS (enabled or disabled) and crypto ACL. All these parameters should exactly match on both the VPN endpoints.

Hope it helps.

Regards

limlayhin · ‎05-22-2008

I had checked all of the aboves but problem still remains.

shmathur · ‎05-22-2008

Could you please attach the sh run output here?

Thanks