Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

VPN Between ASA 5505 and SonicWall 4006 pro

I have a problem, when I try to create a VPN tunnel between Cisco ASA and SonicWall 4006. In Phase I, the tunnel is active, but when the ASA can't build the ipsec key and the phase II fails.

Phase I

1 IKE Peer: 200.30.146.8

Type : L2L Role : initiator

Rekey : no State : MM_ACTIVE

Phase II

IKEv1]: Group = 200.30.146.8, IP = 200.30.146.8, QM FSM error (P2 struct &0x391c990, mess id 0xc4c46cb5)!

Mar 23 17:19:06 [IKEv1]: Group = 200.30.146.8, IP = 200.30.146.8, construct_ipsec_delete(): No SPI to identify Phase 2 SA!

Mar 23 17:19:06 [IKEv1]: Group = 200.30.146.8, IP = 200.30.146.8, Removing peer from correlator table failed, no match!

I review all the parameters in ASA 5505 and SonicWall and I saw this link: http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008052c9d4.shtml

but I can't solve my problem.

Thank's so much!!

1 REPLY

Re: VPN Between ASA 5505 and SonicWall 4006 pro

Hi guillermo,

Is your ASA configured for ip address identity:

isakmp identity address

If it is this message indicates that somehow the traffic is coming "encrypted" to the asa but there is no SA created to decrypt it, go ahead and add the line that I mentioned and turn on "debug crypto isakmp 15" and try again. Post your debugs here if unsuccessful.

636
Views
0
Helpful
1
Replies