06-30-2008 04:18 AM - edited 03-11-2019 06:06 AM
At first I configured my ASA 5520 8.0 for VPN with 3DES encryption, but now I want AES encryption.
When I set a new crypto isakmp policy & transform-set, it's not working, and I see this in debug:
[IKEv1]: Group = x.x.x.x, IP = x.x.x.x, QM FSM error (P2 struct &0x49ba5a0, mess id 0xcd600011)!
[IKEv1]: Group = x.x.x.x, IP = x.x.x.x, Removing peer from correlator table failed, no match!
What is wrong?
06-30-2008 04:29 AM
Dear, just remove the crypto map on the interface and no crypto dynamic-map outside_dyn_map 100 set pfs with no crypto isakmp enable outside.
Then type:
crypto map mymap 70000 ipsec-isakmp dynamic outside_dyn_map
crypto isakmp enable outside
Let's see if it works; else check whether AES is supported on the remote site or not.
Regards,
06-30-2008 04:46 AM
Try using group 2 in the isakmp policy. Are you using certificate authentication or not?
06-30-2008 05:41 AM
Now I use a pre-shared key, but in the future I want to use a CA to authenticate.
06-30-2008 06:00 AM
Did you try using group 2?
06-30-2008 09:09 AM
Looks like AES is not enabled on the remote site. If you make the changes here, make sure similar changes are made on the remote VPN endpoint.
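Added example, not part of the thread or any poster's code: a small Python check that compares the crypto isakmp policy and transform-set lines of both VPN endpoints and reports whether they share a Phase 1 and a Phase 2 proposal. The sample configs are constructed, the function names parse and compare are hypothetical, and it assumes both configs are in running-config form with indented policy subcommands and all values written out explicitly.

```python
import re

# Constructed sample configs (not from the thread): the local ASA was moved
# to AES, the remote peer still offers only 3DES in both phases.
LOCAL = """\
crypto isakmp policy 10
 authentication pre-share
 encryption aes
 hash sha
 group 2
crypto ipsec transform-set ESP-AES-SHA esp-aes esp-sha-hmac
"""
REMOTE = """\
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
"""

P1_KEYS = ("authentication", "encryption", "hash", "group")

def parse(config):
    """Return (Phase 1 proposals, Phase 2 transform sets) as sets."""
    policies, transforms, current = {}, set(), None
    for line in config.splitlines():
        m = re.match(r"crypto isakmp policy (\d+)$", line.strip())
        if m:
            current = policies.setdefault(int(m.group(1)), {})
            continue
        m = re.match(r"crypto ipsec transform-set \S+ (.+)$", line.strip())
        if m:
            # Transform names are compared by content, not by set name.
            transforms.add(frozenset(m.group(1).split()))
            continue
        if line.startswith(" ") and current is not None:
            parts = line.split()
            if len(parts) >= 2 and parts[0] in P1_KEYS:
                current[parts[0]] = " ".join(parts[1:])
        else:
            current = None  # left the isakmp policy block
    phase1 = {tuple(p.get(k) for k in P1_KEYS) for p in policies.values()}
    return phase1, transforms

def compare(local, remote):
    """Report whether the peers share a Phase 1 and a Phase 2 proposal."""
    l1, l2 = parse(local)
    r1, r2 = parse(remote)
    return {"phase1_match": bool(l1 & r1), "phase2_match": bool(l2 & r2)}
```

Calling compare(LOCAL, REMOTE) on the constructed configs returns False for both phases; adding a matching AES policy on the remote side without a matching transform-set fixes only Phase 1.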