Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Site to Site and Remote Access VPN together on ASA 5505

Hi,

I've tried to set up a new Site to Site VPN on a ASA5505 where there was already a Remote Access VPN on it.

After adding the new configuration lines I got the follwoing message when I debug:

Nov 04 07:06:06 [IKEv1]: Group = <OUTSIDE IP ADDRESS OF OTHER SIDE TUNNEL>, IP = <OUTSIDE IP ADDRESS OF OTHER SIDE TUNNEL>, QM FSM error (P2 struct &0xd91a4d10, mess id 0xeac05ec0)!

Nov 04 07:04:36 [IKEv1]: Group = <OUTSIDE IP ADDRESS OF OTHER SIDE TUNNEL>, IP = <OUTSIDE IP ADDRESS OF OTHER SIDE TUNNEL>, Removing peer from correlator table failed, no match!

Does anybody know what is wrong? And what to change in the config?

Thanks in advance,

Ruben

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Site to Site and Remote Access VPN together on ASA 5505

Hi,

If the ASA had a Remote Access VPN and you're adding a new Site-to-Site you need to make sure that the priority for the crypto map is lower for the new added Site-to-Site.This is because otherwise the traffic will always try to match the remote-access tunnel.You can verify this with the command ''sh run cry map''

Federico.

1 REPLY

Re: Site to Site and Remote Access VPN together on ASA 5505

Hi,

If the ASA had a Remote Access VPN and you're adding a new Site-to-Site you need to make sure that the priority for the crypto map is lower for the new added Site-to-Site.This is because otherwise the traffic will always try to match the remote-access tunnel.You can verify this with the command ''sh run cry map''

Federico.

270
Views
0
Helpful
1
Replies