Trouble with ipseс vpn

Unanswered Question
Jun 30th, 2008

At first i configure my asa 5520 8.0 to vpn with 3des encryption but now i want aes encryption

When i set new crypto isakmp policy & transform-set it's not working and i see in debug this:

IKEv1]: Group = x.x.x.x, IP = x.x.x.x, QM FSM error (P2 struct &0x49ba5a0, mess id 0xcd600011)!

[IKEv1]: Group = x.x.x.x, IP = x.x.x.x, Removing peer from correlator table failed, no match!

what is wrong?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
nomair_83 Mon, 06/30/2008 - 04:29

Dear just remove the crypto map on interface and no crypto dynamic-map outside_dyn_map 100 set pfs with no crypto isakmp enable outside.

then type:

crypto map mymap 70000 ipsec-isakmp dynamic outside_dyn_map.

crypto isakmp enable outside

let see it works else check the remote site if AES is supported or not.


srue Mon, 06/30/2008 - 04:46

try using group 2 in the isakmp policy. are you using certificate authentication or not?

kaachary Mon, 06/30/2008 - 09:09

Looks like AES is not enabled on the remote site. If you do the changes here, make sure the similar changes are done on the remote vpn endpoint.


This Discussion