VPN Concentrator L2L sometimes disconnected

hfma_hk09 · ‎06-16-2009

Hi experts, I found my concentrator L2L connection disconnected sometimes and find the following error message, can anyone help (urgent), thanks!

37030 06/09/2009 23:55:17.130 SEV=5 IKE/231 RPT=39 195.x.x.x

Group [195.x.x.x]

Could not find centry for IPSec SA delete message

34020 06/09/2009 08:13:32.030 SEV=4 IKEDBG/97 RPT=41 195.x.x.x

Group [195.x.x.x]

QM FSM error (P2 struct &0x184afc14, mess id 0x9464988)!

34021 06/09/2009 08:13:33.380 SEV=4 AUTH/23 RPT=21 195.x.x.x

User [195.x.x.x] Group [195.x.x.x] disconnected: duration: 22:48:34

34041 06/09/2009 08:20:56.820 SEV=4 IKEDBG/97 RPT=42 195.x.x.x

Group [195.x.x.x]

QM FSM error (P2 struct &0x184b5c68, mess id 0x9073ca9b)!

34042 06/09/2009 08:20:56.820 SEV=4 AUTH/23 RPT=22 195.x.x.x

User [195.x.x.x] Group [195.x.x.x] disconnected: duration: 0:00:58

auraza · ‎06-17-2009

What type of device is on the other side?

hfma_hk09 · ‎06-17-2009

HI Auraza, the other side device is Cisco PIX with version 6.3(4). And here is the isakmp setting for the PIX:

PIX:

isakmp policy 10 authentication pre-share

isakmp policy 10 encryption 3des

isakmp policy 10 hash sha

isakmp policy 10 group 2

isakmp policy 10 lifetime 86400

Concentrator IKE Session:

Encryption Algoritm: DES-56

Hashing Algorithm: MD5

Diffie-Hellman Group: Group 1

Auth. Mode: Pre-Shared Keys

Rekey Time Interval: 86400

Although I found the encryption, hashing and DH Group are different between them, but actually the connection can established for sometimes. Do you think the connection error messages are trigger by this? Please help.