You do not give much detail to work from. But QM is Quick Mode which is part of the IPSec negotiation. And FSM is Finite State Machine which is the logic that tracks the states that the negotiation goes through. So it looks like there is an error as the concentrator works through the logic of negotiating the Security Association which might reflect an incorrect parameter being transmitted.
I recently ran into the same error message. Phase I succeeded but phase II failed with only this message. After verifying that my all the IPSEC parameters matched exactly on both sides, I noticed that the network(s) in the encrypted domain (network list) on the remote side matched the encrpted domain at another L2L site that was already connected to the concentrator. The concentrator did not allow the same "network list" for more than one remote site.
thanks for the response slmansfield, in my case the device connected and i am able to work with the remote client just that every so often that error would pop up and i wanted to be sure it wasn't something that would turn around and bite me later on. i found something that might explain it though.....it turns out that because the site that i'm connecting is off a DSL wiht nat'd addresses when the concentrator tries to verify the address it sends to the public address that is being broadcasted to it. however because the address is for the ISP and isn't set to forward vpn request to my device it just drops the request and that is what is giving me my error. like i said though thatnks for the response
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :