Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

error VPN between pix 515 ASA v. 7.2.(2) and pix 501 v. 6.3(5)

I have configured a vpn between the two pixs, but the vpn doesnt work.

I have this message on the pix 515

3|Jun 13 2007|07:07:06|713902|||Group = 172.22.40.2, IP = 172.22.40.2, Removing peer from correlator table failed, no match!

3|Jun 13 2007|07:07:06|713902|||Group = 172.22.40.2, IP = 172.22.40.2, QM FSM error (P2 struct &0x2ce8100, mess id 0x14444cd5)!

5|Jun 13 2007|07:07:06|713904|||Group = 172.22.40.2, IP = 172.22.40.2, All IPSec SA proposals found unacceptable!

3|Jun 13 2007|07:07:06|713119|||Group = 172.22.40.2, IP = 172.22.40.2, PHASE 1 COMPLETED

6|Jun 13 2007|07:07:06|113009|||AAA retrieved default group policy (DfltGrpPolicy) for user = 172.22.40.2

4|Jun 13 2007|07:07:06|713903|||Group = 172.22.40.2, IP = 172.22.40.2, Freeing previously allocated memory for authorization-dn-attributes

do you have any ideas ?

thanks

2 REPLIES
Gold

Re: error VPN between pix 515 ASA v. 7.2.(2) and pix 501 v. 6.3(

on the 515 enter:

no crypto map outside_map 20 set transform-set ESP-DES-MD5

crypto map outside_map 20 set transform-set ESP-3DES-MD5

clear crypto ipsec sa

clear isa sa

that should do it i think.

the relevent error is:

5|Jun 13 2007|07:07:06|713904|||Group = 172.22.40.2, IP = 172.22.40.2, All IPSec SA proposals found unacceptable!

this means your IPSec SA proposals don't match basically. your 501 is using 3des/md5, and your 515 was configured for des/md5.

Community Member

Re: error VPN between pix 515 ASA v. 7.2.(2) and pix 501 v. 6.3(

yet it's ok

thanks for your help

223
Views
0
Helpful
2
Replies
CreatePlease to create content