on the ASA 5510 configured with a site to site VPN tunnel i get the following messages :
Jan 15 2009 12:10:50: %ASA-1-713900: Group = 18.104.22.168, IP = 123.123.123, construct_ipsec_delete(): No SPI to identify Phase 2 SA!
Jan 15 2009 12:10:50: %ASA-3-713902: Group = 22.214.171.124, IP = 126.96.36.199, Removing peer from correlator table failed, no match!
Jan 15 2009 12:15:51: %ASA-3-713902: Group = 188.8.131.52, IP = 184.108.40.206, QM FSM error (P2 struct &0xd6baffb8, mess id 0xd918a302)!
and on the PIX the message is :
402101: decaps: rec'd IPSEC packet has invalid spi for destaddr=220.127.116.11, prot=esp, spi=0x3e4e73c4(1045328836), srcaddr=18.104.22.168
I have hints that the crypto ACL are not symmetric or PFS is mot the same, but customer says this fits.
Any other reasons int tunnel parameters ?