Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Trouble with ipseс vpn

At first i configure my asa 5520 8.0 to vpn with 3des encryption but now i want aes encryption

When i set new crypto isakmp policy & transform-set it's not working and i see in debug this:

IKEv1]: Group = x.x.x.x, IP = x.x.x.x, QM FSM error (P2 struct &0x49ba5a0, mess id 0xcd600011)!

[IKEv1]: Group = x.x.x.x, IP = x.x.x.x, Removing peer from correlator table failed, no match!

what is wrong?

New Member

Re: Trouble with ipseс vpn

Dear just remove the crypto map on interface and no crypto dynamic-map outside_dyn_map 100 set pfs with no crypto isakmp enable outside.

then type:

crypto map mymap 70000 ipsec-isakmp dynamic outside_dyn_map.

crypto isakmp enable outside

let see it works else check the remote site if AES is supported or not.



Re: Trouble with ipseс vpn

try using group 2 in the isakmp policy. are you using certificate authentication or not?

New Member

Re: Trouble with ipseс vpn

Now i used pre-shared key, but in future i want use ca to authentificate


Re: Trouble with ipseс vpn

did you try using group 2?

Cisco Employee

Re: Trouble with ipseс vpn

Looks like AES is not enabled on the remote site. If you do the changes here, make sure the similar changes are done on the remote vpn endpoint.

CreatePlease login to create content