Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
374
Views
0
Helpful
3
Replies

Tunnel not comming up

mohammedrafiq
Level 1
Level 1

‎08-03-2007 07:54 AM - edited ‎03-11-2019 03:53 AM

Hi,

My vpn tunnel is not comming up and I am having the following error, which I donot understand.

Aug 03 16:41:41 [IKEv1]: Group = 80.5.93.129, IP = 80.5.93.129, Removing peer from correlator table failed, no match!

Aug 03 16:41:44 [IKEv1]: Group = 80.5.93.129, IP = 80.5.93.129, QM FSM error (P2 struct &0x3baf170, mess id 0xb8cae8a5)!

Aug 03 16:41:44 [IKEv1]: Group = 80.5.93.129, IP = 80.5.93.129, Removing peer from correlator table failed, no match!

Aug 03 16:41:50 [IKEv1]: Group = 80.5.93.129, IP = 80.5.93.129, QM FSM error (P2 struct &0x3baf170, mess id 0x83c03218)!

Aug 03 16:41:50 [IKEv1]: Group = 80.5.93.129, IP = 80.5.93.129, Removing peer from correlator table failed, no match!

this ip is my remote peer.

Regards

Labels:
0 Helpful
3 Replies 3

srue
Level 7
Level 7

‎08-03-2007 09:41 AM

post the configs from both peers.

offhand, sounds like somewhere your peer statements aren't matching.

0 Helpful

mohammedrafiq
Level 1
Level 1
In response to srue

‎08-03-2007 11:17 AM

Here is my config.

access-list inside_nat0_outbound extended permit ip host 192.168.11.1 host PDS

access-list outside_70_cryptomap extended permit ip host 192.168.11.1 host PDS

access-list inside_nat_outbound extended permit ip object-group Listening host PDS

global (outside) 3 192.168.11.1 netmask 255.255.255.0

nat (inside) 3 access-list inside_nat_outbound

crypto map vpn 70 match address outside_70_cryptomap

crypto map vpn 70 set pfs

crypto map vpn 70 set peer 143.252.4.36

crypto map vpn 70 set transform-set ESP-3DES-SHA

crypto map vpn 70 set security-association lifetime seconds 3600

crypto isakmp policy 30

authentication pre-share

encryption 3des

hash sha

group 2

lifetime 86400

crypto map vpn interface outside

crypto isakmp identity address

crypto isakmp enable outside

tunnel-group 143.252.4.36 type ipsec-l2l

tunnel-group 143.252.4.36 ipsec-attributes

pre-shared-key *

From: Rafiq, Mohammed [mailto:Mohammed.Rafiq@newsint.co.uk]

Sent: 03 August 2007 17:18

To: Hassan Daher

Subject: RE: change Req 214109 (VPN to TLC)

access-list internet_cryptomap_120 extended permit tcp host 10.10.126.140 host 192.168.11.1 eq www

nat (optfir) 0 access-list optfir_nat0_outbound

crypto ipsec transform-set ESP_3DES_SHA esp-3des esp-sha-hmac

crypto map Thus_map 120 match address internet_cryptomap_120

crypto map Thus_map 120 set pfs

crypto map Thus_map 120 set peer 80.5.93.129

crypto map Thus_map 120 set transform-set ESP-3DES-SHA

crypto map Thus_map 120 set security-association lifetime seconds 3600

crypto map Thus_map interface internet

isakmp enable internet

isakmp enable webcss

isakmp policy 30 authentication pre-share

isakmp policy 30 encryption 3des

isakmp policy 30 hash sha

isakmp policy 30 group 2

isakmp policy 30 lifetime 86400

tunnel-group 80.5.93.129 type ipsec-l2l

tunnel-group 80.5.93.129 ipsec-attributes

pre-shared-key *

0 Helpful

mattiaseriksson
Level 3
Level 3
In response to mohammedrafiq

‎08-04-2007 12:26 AM

Your match address statements does not match on both sides. One side is matching on IP and the other on TCP port 80.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card