Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

VPN 3000 Client disonnects with this error

I have clients VPN in with 4.8.00.0440 client Cisco VPN and they get dissconnected while working with this error:

QM FSM error (P2 struct &0xaaf71c8 mess id 0x8ce5a771)!

What does it mean ?

7 REPLIES
Cisco Employee

Re: VPN 3000 Client disonnects with this error

Hello Levent,

QM FSM means - Quick Mode (Which is Phase 2 mode) Finite State Machine. Its just a general error message performed during any of the actions like entry, exit or input occurs.

Inorder to troubleshoot this problem, you need to enable the logs to HIGH and enable logging.

When this error happens again, you can send those logs. Look into the logs before this error message to see where the problem happens.

Also, if you have access to the headend device make sure to enable debugs. If it is a router or a firewall - deb cry isa & deb cry ipsec would be helpful. If you dont have access to it, then just the logs from the client can tell us a little bit about the error.

Thanks

Gilbert

New Member

Re: VPN 3000 Client disonnects with this error

Hi Thanks i have access to the VPN Concentrator the clients are connecting to and here are the logs. I have asked the client to configure the setting within the client VPN to log: Below are the logs from the VPN Concentrator:

[MHRA_Exec] User [olaiyav]IKE Initiator: Rekeying Phase 2 Intf 3 IKE Peer

86.140.119.63local Proxy Address 0.0.0.0 remote Proxy Address 192.168.250.6 SA (ESP-3DES-MD5)

[MHRA_Exec] User [olaiyav]QM FSM error (P2 struct &0xaaf71c8 mess id 0x8ce5a771)!

[MHRA_Exec] User [olaiyav]Sending IKE Delete With Reason message: No Reason Provided.

[olaiyav] Group [MHRA_Exec] disconnected: Session Type: IPSec/NAT-T Duration: 0:57:32

Bytes xmt: 1530232 Bytes rcv: 1333072 Reason: Lost Service

Cisco Employee

Re: VPN 3000 Client disonnects with this error

Can you please add the following Events on the concentrator for severities 1-13 for "Events to Log".

IKE, IKEDBG, IPSEC, IPSECDBG and do the test. Capture the client logs when you do this test and send them to me.

Seems like the reason we deleted that connection was because we lost contact with the client.

Thanks

Gilbert

New Member

Re: VPN 3000 Client disonnects with this error

Gilbert thanks for your help. I am confused how to configure severities 1-13. I have gone to event-general but not sure how to express what i need int he events list

Cisco Employee

Re: VPN 3000 Client disonnects with this error

System | Events | Classes -

Click on ADD, choose the Event and choose the Severities to Log as 1-13

Thanks

Gilbert

New Member

Re: VPN 3000 Client disonnects with this error

I only have option 1-5

New Member

Re: VPN 3000 Client disonnects with this error

Apologies i have found what you mean. I will gather the logs and get back to u

505
Views
15
Helpful
7
Replies
CreatePlease to create content