Trouble with ipseс vpn

Unanswered Question
Jun 30th, 2008

At first i configure my asa 5520 8.0 to vpn with 3des encryption but now i want aes encryption

When i set new crypto isakmp policy & transform-set it's not working and i see in debug this:

IKEv1]: Group = x.x.x.x, IP = x.x.x.x, QM FSM error (P2 struct &0x49ba5a0, mess id 0xcd600011)!

[IKEv1]: Group = x.x.x.x, IP = x.x.x.x, Removing peer from correlator table failed, no match!

what is wrong?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
nomair_83 Mon, 06/30/2008 - 04:29

Dear just remove the crypto map on interface and no crypto dynamic-map outside_dyn_map 100 set pfs with no crypto isakmp enable outside.

then type:

crypto map mymap 70000 ipsec-isakmp dynamic outside_dyn_map.

crypto isakmp enable outside

let see it works else check the remote site if AES is supported or not.

Regards,

srue Mon, 06/30/2008 - 04:46

try using group 2 in the isakmp policy. are you using certificate authentication or not?

kaachary Mon, 06/30/2008 - 09:09

Looks like AES is not enabled on the remote site. If you do the changes here, make sure the similar changes are done on the remote vpn endpoint.

Actions

This Discussion