VPN 3000 Concentrator

Answered Question
Oct 28th, 2008
User Badges:

Does anyone know where I can find the meaning of this message?


465 10/28/2008 14:48:06.640 SEV=4 IKEDBG/97 RPT=410 208.96.196.242

Group [208.96.196.242]

QM FSM error (P2 struct &0x6810ef4, mess id 0xeb16b91f)!


466 10/28/2008 14:48:06.640 SEV=7 IKEDBG/65 RPT=39116 208.96.196.242

Group [208.96.196.242]

IKE QM Initiator FSM error history (struct &0x6810ef4)

<state>, <event>:

QM_DONE, EV_ERROR

QM_WAIT_MSG2, EV_TIMEOUT

QM_WAIT_MSG2, NullEvent

QM_SND_MSG1, EV_SND_MSG


Correct Answer by ajagadee about 8 years 6 months ago

Hi,


QM FSM Error


The IPsec L2L VPN tunnel does not come up on the PIX firewall or ASA, and the QM FSM error message appears.


One possible reason is the proxy identities, such as interesting traffic, Access Control List (ACL) or crypto ACL, do not match on both the ends. Check the configuration on both the devices, and make sure that the crypto ACLs match.


http://www.cisco.com/en/US/tech/tk583/tk372/technologies_tech_note09186a00800949c5.shtml#qms


Regards,

Arul


*Pls rate if it helps*

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
ajagadee Tue, 10/28/2008 - 08:35
User Badges:
  • Cisco Employee,

Hi,


QM FSM Error


The IPsec L2L VPN tunnel does not come up on the PIX firewall or ASA, and the QM FSM error message appears.


One possible reason is the proxy identities, such as interesting traffic, Access Control List (ACL) or crypto ACL, do not match on both the ends. Check the configuration on both the devices, and make sure that the crypto ACLs match.


http://www.cisco.com/en/US/tech/tk583/tk372/technologies_tech_note09186a00800949c5.shtml#qms


Regards,

Arul


*Pls rate if it helps*

wgranada1 Wed, 10/29/2008 - 06:54
User Badges:

Yes this makes it clearer, just a fyi found out the the distant end didn't have a route back. Thanks for your help!!!!

Actions

This Discussion