12-29-2009 02:11 PM
Hi All,
I need help troubleshooting this issue: a Site2Site VPN between an ASA 5520 and a Linux box is up, as shown:
ciscoasa# sh crypto isa sa
Active SA: 1
Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey)
Total IKE SA: 1
1 IKE Peer: 82.112.199.148
Type : L2L Role : initiator
Rekey : no State : MM_ACTIVE
ciscoasa# sh crypto ipsec sa
interface: outside
Crypto map tag: outside_map, seq num: 1, local addr: 82.88.171.211
access-list outside_1_cryptomap permit ip 10.15.0.0 255.255.0.0 10.57.6.0 255.255.254.0
local ident (addr/mask/prot/port): (10.15.0.0/255.255.0.0/0/0)
remote ident (addr/mask/prot/port): (10.57.6.0/255.255.254.0/0/0)
current_peer: 82.112.199.148
#pkts encaps: 1181, #pkts encrypt: 1181, #pkts digest: 1181
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 1181, #pkts comp failed: 0, #pkts decomp failed: 0
#pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
#PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
#send errors: 0, #recv errors: 0
local crypto endpt.: 82.88.171.211, remote crypto endpt.: 82.112.199.148
path mtu 1500, ipsec overhead 58, media mtu 1500
current outbound spi: 08F0DA33
inbound esp sas:
spi: 0x775D8D2C (2002619692)
transform: esp-3des esp-md5-hmac no compression
in use settings ={L2L, Tunnel, PFS Group 2, }
slot: 0, conn_id: 12288, crypto-map: outside_map
sa timing: remaining key lifetime (kB/sec): (3915000/746)
IV size: 8 bytes
replay detection support: Y
Anti replay bitmap:
0x00000000 0x00000001
outbound esp sas:
spi: 0x08F0DA33 (150002227)
transform: esp-3des esp-md5-hmac no compression
in use settings ={L2L, Tunnel, PFS Group 2, }
slot: 0, conn_id: 12288, crypto-map: outside_map
sa timing: remaining key lifetime (kB/sec): (3914966/746)
IV size: 8 bytes
replay detection support: Y
Anti replay bitmap:
0x00000000 0x00000001
But I get the following error:
ciscoasa# debug crypto isakmp
ciscoasa# Dec 29 22:10:11 [IKEv1]: Group = 82.112.199.148, IP = 82.112.199.148, QM FSM error (P2 struct &0xc86c5b30, mess id 0xdec7ea9b)!
Dec 29 22:10:11 [IKEv1]: Group = 82.112.199.148, IP = 82.112.199.148, Removing peer from correlator table failed, no match!
Dec 29 22:10:21 [IKEv1]: Group = 82.112.199.148, IP = 82.112.199.148, QM FSM error (P2 struct &0xc8def038, mess id 0xdec7ea9b)!
Dec 29 22:10:21 [IKEv1]: Group = 82.112.199.148, IP = 82.112.199.148, Removing peer from correlator table failed, no match!
Dec 29 22:10:33 [IKEv1]: Group = 82.112.199.148, IP = 82.112.199.148, QM FSM error (P2 struct &0xc8def038, mess id 0x86e6402c)!
Dec 29 22:10:33 [IKEv1]: Group = 82.112.199.148, IP = 82.112.199.148, Removing peer from correlator table failed, no match!
Dec 29 22:10:43 [IKEv1]: Group = 82.112.199.148, IP = 82.112.199.148, QM FSM error (P2 struct &0xc8def038, mess id 0x86e6402c)!
Dec 29 22:10:43 [IKEv1]: Group = 82.112.199.148, IP = 82.112.199.148, Removing peer from correlator table failed, no match!
Any help would be appreciated.
12-31-2009 05:22 AM
Hi,
The problem was regarding the policy applied by the Linux kernel.
Riccardo