VPN 3000 Concentrator

Answered Question
Oct 28th, 2008

Does anyone know where I can find the meaning of this message?

465 10/28/2008 14:48:06.640 SEV=4 IKEDBG/97 RPT=410 208.96.196.242

Group [208.96.196.242]

QM FSM error (P2 struct &0x6810ef4, mess id 0xeb16b91f)!

466 10/28/2008 14:48:06.640 SEV=7 IKEDBG/65 RPT=39116 208.96.196.242

Group [208.96.196.242]

IKE QM Initiator FSM error history (struct &0x6810ef4)

<state>, <event>:

QM_DONE, EV_ERROR

QM_WAIT_MSG2, EV_TIMEOUT

QM_WAIT_MSG2, NullEvent

QM_SND_MSG1, EV_SND_MSG

I have this problem too.
0 votes
Correct Answer by ajagadee about 8 years 1 month ago

Hi,

QM FSM Error

The IPsec L2L VPN tunnel does not come up on the PIX firewall or ASA, and the QM FSM error message appears.

One possible reason is the proxy identities, such as interesting traffic, Access Control List (ACL) or crypto ACL, do not match on both the ends. Check the configuration on both the devices, and make sure that the crypto ACLs match.

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_tech_note09186a00800949c5.shtml#qms

Regards,

Arul

*Pls rate if it helps*

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
ajagadee Tue, 10/28/2008 - 08:35

Hi,

QM FSM Error

The IPsec L2L VPN tunnel does not come up on the PIX firewall or ASA, and the QM FSM error message appears.

One possible reason is the proxy identities, such as interesting traffic, Access Control List (ACL) or crypto ACL, do not match on both the ends. Check the configuration on both the devices, and make sure that the crypto ACLs match.

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_tech_note09186a00800949c5.shtml#qms

Regards,

Arul

*Pls rate if it helps*

wgranada1 Wed, 10/29/2008 - 06:54

Yes this makes it clearer, just a fyi found out the the distant end didn't have a route back. Thanks for your help!!!!

Actions

This Discussion