cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
489
Views
0
Helpful
5
Replies

Trouble with ipseс vpn

At first i configure my asa 5520 8.0 to vpn with 3des encryption but now i want aes encryption

When i set new crypto isakmp policy & transform-set it's not working and i see in debug this:

IKEv1]: Group = x.x.x.x, IP = x.x.x.x, QM FSM error (P2 struct &0x49ba5a0, mess id 0xcd600011)!

[IKEv1]: Group = x.x.x.x, IP = x.x.x.x, Removing peer from correlator table failed, no match!

what is wrong?

5 Replies 5

nomair_83
Level 3
Level 3

Dear just remove the crypto map on interface and no crypto dynamic-map outside_dyn_map 100 set pfs with no crypto isakmp enable outside.

then type:

crypto map mymap 70000 ipsec-isakmp dynamic outside_dyn_map.

crypto isakmp enable outside

let see it works else check the remote site if AES is supported or not.

Regards,

try using group 2 in the isakmp policy. are you using certificate authentication or not?

Now i used pre-shared key, but in future i want use ca to authentificate

did you try using group 2?

kaachary
Cisco Employee
Cisco Employee

Looks like AES is not enabled on the remote site. If you do the changes here, make sure the similar changes are done on the remote vpn endpoint.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: