Trouble with IPsec VPN

Jun 30th, 2008

At first I configured my ASA 5520 8.0 for VPN with 3DES encryption, but now I want AES encryption.

When I set a new crypto isakmp policy & transform-set it's not working, and I see this in debug:

IKEv1]: Group = x.x.x.x, IP = x.x.x.x, QM FSM error (P2 struct &0x49ba5a0, mess id 0xcd600011)!

[IKEv1]: Group = x.x.x.x, IP = x.x.x.x, Removing peer from correlator table failed, no match!

What is wrong?

nomair_83 Mon, 06/30/2008 - 04:29

Dear, just remove the crypto map on the interface and no crypto dynamic-map outside_dyn_map 100 set pfs with no crypto isakmp enable outside.

Then type:

crypto map mymap 70000 ipsec-isakmp dynamic outside_dyn_map

crypto isakmp enable outside

Let's see if it works; else check the remote site to see if AES is supported or not.


srue Mon, 06/30/2008 - 04:46

Try using group 2 in the isakmp policy. Are you using certificate authentication or not?

srue Mon, 06/30/2008 - 06:00

Did you try using group 2?

kaachary Mon, 06/30/2008 - 09:09
User Badges:
  • Cisco Employee

Looks like AES is not enabled on the remote site. If you make the changes here, make sure similar changes are made on the remote VPN endpoint.
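
The check the replies point at (the same ISAKMP policy attributes and the same transform set on both peers), as an added example that is not part of the original thread. It assumes both peers use ASA-style configuration with every policy attribute shown explicitly; `parse_proposals`, `common_proposals` and the sample configs are constructed for illustration.

```python
import re

P1_KEYS = ("authentication", "encryption", "hash", "group")

def parse_proposals(config):
    """Return (phase1, phase2) proposal sets found in ASA-style config text."""
    policies, transforms, current = {}, set(), None
    for raw in config.splitlines():
        line, parts = raw.strip(), raw.split()
        m = re.fullmatch(r"crypto isakmp policy (\d+)", line)
        if m:
            current = policies.setdefault(int(m.group(1)), {})
        elif raw.startswith(" "):
            # Indented sub-command of the current policy; lifetime is not compared here.
            if current is not None and len(parts) >= 2 and parts[0] in P1_KEYS:
                current[parts[0]] = parts[1]
        else:
            current = None
            m = re.fullmatch(r"crypto ipsec transform-set (\S+) (esp-.+|ah-.+)", line)
            if m:
                transforms.add(frozenset(m.group(2).split()))
    phase1 = {tuple(p.get(k) for k in P1_KEYS) for p in policies.values()}
    return phase1, transforms

def common_proposals(local_cfg, remote_cfg):
    """Proposals both peers would accept; an empty set means negotiation fails."""
    l1, l2 = parse_proposals(local_cfg)
    r1, r2 = parse_proposals(remote_cfg)
    return l1 & r1, l2 & r2

# Constructed sample configs (not from the thread): the local ASA was moved
# to AES while the remote peer still offers only 3DES.
LOCAL = """\
crypto isakmp policy 10
 authentication pre-share
 encryption aes
 hash sha
 group 2
 lifetime 86400
crypto ipsec transform-set ESP-AES-SHA esp-aes esp-sha-hmac
"""
REMOTE = LOCAL.replace("encryption aes", "encryption 3des").replace("esp-aes", "esp-3des")

if __name__ == "__main__":
    p1, p2 = common_proposals(LOCAL, REMOTE)
    print("phase 1 match:", p1 or "none")
    print("phase 2 match:", p2 or "none")
```

An empty phase 2 set corresponds to the quick mode (QM) stage where the debug line in the question was logged; an empty phase 1 set would fail earlier, before quick mode starts.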

