Luftslottet Wed, 04/29/2009 - 04:33
User Badges:

Hmmm, tomcat/apache problmes. Well here is the original post:



Using a Cisco VPN Client 5.0 on a ASA5505 I cannot connect with IPsec. I get the following log on the ASA:


....QM FSM error(P2 struct....etc

....All IPSec sa Proposals found unacceptable!

....Mismatch: Overriding phase2 DH Group(DH group!) with phase 1 group (DH group 2)

....PHASE 1 COMPLETED


AS I understand, authentication is okey, but the client and ASA cannot find a IKE policy to agree on ? I've tried to setup several IKE's (that are listed supported with the Cisco client) but with the same result. Am I looking in the wrong direction here ? help !


Best regards,

/Kristian


Note: This post can also be found on VPN/Seurity. (double post since the webserver rejected my post x-times).

Actions

This Discussion