Hi All,

Users are not able to ping servers on the LAN when connected via VPN to ASA5510 configured are Active/Standby failover pair. They could connect via VPN but couldn't PING or launch Microsoft Outlook. I included the command "crypto isakmp nat-traversal 20" but users still could PING. I increased the value to 360. Still no luck.

Also, four out of the six L2L tunnels came up and I could pass traffic over them. But two came up and goes down in less than half a second. For the remaining two, I got the following errors in the ASA log:

4|Jun 07 2008|15:58:44|113019|||||Group = 220.x.x.194, Username = 220.x.x.194, IP = SHANGHAI-PIX, Session disconnected. Session Type: IKE, Duration: 0h:00m:32s, Bytes xmt: 0, Bytes rcv: 0, Reason: Phase 2 Error

3|Jun 07 2008|15:58:44|713902|||||Group = 220.x.x.194, IP = 220.x.x.194, Removing peer from correlator table failed, no match!

1|Jun 07 2008|15:58:44|713900|||||Group = 220.x.x.194, IP = 220.x.x.194, construct_ipsec_delete(): No SPI to identify Phase 2 SA!

3|Jun 07 2008|15:58:44|713902|||||Group = 220.x.x.194, IP = 220.x.x.194, QM FSM error (P2 struct &0xd5830b58, mess id 0x8508c326)!

From the log in the ASDM, I was asked to contact the Cisco TAC if the problem persists.

Any ideas on what I might be doing wrong would be much appreciated.

Find attached my config as well.

Best regards.