Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Attention: The Community will be in read-only mode on 12/14/2017 from 12:00 am pacific to 11:30 am.

During this time you will only be able to see content. Other interactions such as posting, replying to questions, or marking content as helpful will be disabled for few hours.

We apologize for the inconvenience while we perform important updates to the Community.

New Member

vpn tunnel flaps


Given below are debug results fr pix 535 v7.0, we faced this flapping of tunnel even if both ends match the policies, i tried clearing both SAs yet prob still persists & the strange thing is commands like sysopt connection permit-ipsec & crypto map vpn interface int_admin are not showing fr show run crypto command even if both are given already btw with old pix515 v6.3 we didn't face this such issue

Any idea ? TIA

"Jan 01 22:15:38 [IKEv1]: QM IsRekeyed old sa not found by add


Jan 01 22:15:38 [IKEv1]: QM FSM error (P2 struct &0x40ebf58, mess id 0x1bb690a7)


Jan 01 22:15:38 [IKEv1]: Group =, IP =, Removing peer fr

om correlator table failed, no match!..."


Re: vpn tunnel flaps

firstly, the sysopt is no longer shown with "sh run". you may do "sh run sysopt" instead.

regarding the vpn issue, i was just wondering if the issue occurs straight after the upgrade from 6.3 to 7.0 or not. and whether the codes for vpn has been modified manually. the reason being that the upgrade process is meant to auto modify the codes, however, it doesn't do well with vpn.

for further assistance, please post the entire config with public ip masked.

CreatePlease to create content