Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

QM FSM error

Hi, Iv'e got a problem with a L2L VPN between a NetScreen 208 and a 3015 concentrator. Here's the error msg, QM FSM error (P2 struct &0x5ad4758, mess id 0x5d1bde99)!

IKE P1 completes fine according to the log on the 3015.

The NS208 P2 looks like this, idletime 0 proposal "g2-esp-3des-sha"

The 3015 P2 looks like this,(see P2 3015.jpg) I can't see a mismatch. Any help would be most thankfully accepted.

4 REPLIES
Silver

Re: QM FSM error

Explanation A phase 1 error occurred and the state, event history pairs will be displayed in reverse chronological order.

Recommended Action Most of these errors are benign. If these messages are associated with undesirable behavior, then copy the error message exactly as it appears on the console or in the system log, contact the Cisco Technical Assistance Center (TAC) for further support and provide the gathered information.

http://www.cisco.com/en/US/products/ps6120/products_system_message_guide_chapter09186a00805452d2.html#wp2263413

New Member

Hi all,

Hi all,

I have the same problem: QM FSM error (P2 struct &0x00007ffee97a8450, mess id 0xf613adca)!

The problem is in fase 2 IPSEC.

We are using ASA (release 8.5) and GOOGLE VPN Cloud.

We already checked all the parameters about fase 2 and we finish our idea.

Do you have resolve the problems about QM FSM error?

let me know. thanks

VIP Green

The two most common reasons

The two most common reasons for this error is a mismatch in the crypto ACL / interesting traffic or a mismatch in the transform sets.  Have you checked and double-checked these settings?

Are you using IKEv1 or IKEv2?

--

Please remember to select a correct answer and rate helpful posts

--

Please remember to rate and select a correct answer
New Member

yes, the QM FSM error is

yes, the QM FSM error is general for IPSEC/phase 2 mismatch.

In this case, one peer was made from google cloud VPN and that seems don t support ikev1.

so, we change to ikev2 and the problem QM FSM was resolve. thank you.

1257
Views
0
Helpful
4
Replies
CreatePlease login to create content