Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

IPSEC VPN on ASA 8.0(2) request timed out

I need to help in identifying what this warning message in my ASA logs say and what i would need to do inorder to correct this problem. I currently have an ASA firewall terminating my end of the VPN tunnel and a Multitech Firewall at my remote network. Below are the log entries from my ASA firewall:

3|Aug 29 2007|14:44:08|713902|||Group = 207.224.xxx.xxx, IP = 207.224.xxx.xxx, Removing peer from correlator table failed, no match!

3|Aug 29 2007|14:44:08|713902|||Group = 207.224.xxx.xxx, IP = 207.224.xxx.xxx, QM FSM error (P2 struct &0xd575b350, mess id 0x103cc666)!

3|Aug 29 2007|14:44:08|713902|||Group = 207.224.xxx.xxx, IP = 207.224.xxx.xxx, Removing peer from correlator table failed, no match!

3|Aug 29 2007|14:44:08|713902|||Group = 207.224.xxx.xxx, IP = 207.224.xxx.xxx, QM FSM error (P2 struct &0xd572e928, mess id 0x64598150)!

3|Aug 29 2007|14:44:08|713902|||Group = 207.224.xxx.xxx, IP = 207.224.xxx.xxx, QM FSM error (P2 struct &0xd57589a0, mess id 0xd837eb84)!

3|Aug 29 2007|14:43:43|713122|||IP = 207.224.xxx.xxx, Keep-alives configured on but peer does not support keep-alives (type = None)

3|Aug 29 2007|14:43:43|713119|||Group = 207.224.xxx.xxx, IP = 207.224.xxx.xxx, PHASE 1 COMPLETED

4|Aug 29 2007|14:43:43|713903|||Group = 207.224.xxx.xxx, IP = 207.224.xxx.xxx, Freeing previously allocated memory for authorization-dn-attributes

4|Aug 29 2007|14:43:42|113019|||Group = 207.224.xxx.xxx, Username = 207.224.xxx.xxx, IP = 207.224.xxx.xxx, Session disconnected. Session Type: IKE, Duration: 0h:00m:01s, Bytes xmt: 0, Bytes rcv: 0, Reason: Phase 2 Mismatch

07|14:43:33|713902|||Group = 207.224.xxx.xxx, IP = 207.224.xxx.xxx, Removing peer from correlator table failed, no match!

3|Aug 29 2007|14:43:33|713902|||Group = 207.224.xxx.xxx, IP = 207.224.xxx.xxx, QM FSM error (P2 struct &0xd575aad8, mess id 0x4b2a62df)!

3|Aug 29 2007|14:43:33|713902|||Group = 207.224.xxx.xxx, IP = 207.224.xxx.xxx, Removing peer from correlator table failed, no match!

And also I've noticed a Request timed out when i constantly ping a host in the remote network and this normaly happens during the this part of the log below:

3|Aug 29 2007|14:44:08|713902|||Group = 207.224.xxx.xxx, IP = 207.224.xxx.xxx, QM FSM error (P2 struct &0xd57589a0, mess id 0xd837eb84)!

3|Aug 29 2007|14:43:43|713122|||IP = 207.224.xxx.xxx, Keep-alives configured on but peer does not support keep-alives (type = None)

3|Aug 29 2007|14:43:43|713119|||Group = 207.224.xxx.xxx, IP = 207.224.xxx.xxx, PHASE 1 COMPLETED

4|Aug 29 2007|14:43:43|713903|||Group = 207.224.xxx.xxx, IP = 207.224.xxx.xxx, Freeing previously allocated memory for authorization-dn-attributes

4|Aug 29 2007|14:43:42|113019|||Group = 207.224.xxx.xxx, Username = 207.224.xxx.xxx, IP = 207.224.xxx.xxx, Session disconnected. Session Type: IKE, Duration: 0h:00m:01s, Bytes xmt: 0, Bytes rcv: 0, Reason: Phase 2 Mismatch

3|Aug 29 2007|14:43:42|713902|||Group = 207.224.xxx.xxx, IP = 207.224.xxx.xxx, Removing peer from correlator table failed, no match!

3|Aug 29 2007|14:43:42|713902|||Group = 207.224.xxx.xxx, IP = 207.224.xxx.xxx, QM FSM error (P2 struct &0xd5663e58, mess id 0x3051851)!

3|Aug 29 2007|14:43:41|713122|||IP = 207.224.xxx.xxx, Keep-alives configured on but peer does not support keep-alives (type = None)

****************************

Reply from 192.168.105.xxx: bytes=32 time=339ms TTL=63

Reply from 192.168.105.xxx: bytes=32 time=332ms TTL=63

Reply from 192.168.105.xxx: bytes=32 time=326ms TTL=63

Reply from 192.168.105.xxx: bytes=32 time=325ms TTL=63

Reply from 192.168.105.xxx: bytes=32 time=331ms TTL=63

Reply from 192.168.105.xxx: bytes=32 time=324ms TTL=63

Reply from 192.168.105.xxx: bytes=32 time=334ms TTL=63

Reply from 192.168.105.xxx: bytes=32 time=339ms TTL=63

Request timed out.

Request timed out.

Reply from 192.168.105.xxx: bytes=32 time=347ms TTL=63

Reply from 192.168.105.xxx: bytes=32 time=337ms TTL=63

Reply from 192.168.105.xxx: bytes=32 time=338ms TTL=63

2 REPLIES

Re: IPSEC VPN on ASA 8.0(2) request timed out

Do you have a dynamic crypto-map attached to the crypto map on the ASA? Then check that the sequence number is higher for the dynamic crypto-map.

The Keep-alives messages should not be an issue.

New Member

Re: IPSEC VPN on ASA 8.0(2) request timed out

anyways thanks for the help mattiaseriksson :)

i just took the:

crypto map outside_map 1 set pfs

and it finally worked :)

292
Views
0
Helpful
2
Replies
CreatePlease login to create content