Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Attention: The Cisco Support Community site will be in read only mode on Dec14, 2017 from 12:01am PST to 11:30am for standard maintenance. Sorry for the inconvenience.

New Member

site to site vpn asa and checkpoint

I have already configured vpn site to site asa and checkpoint. If I show isakmp sa, the state is active. But everytime packet is delivered, there is some message from asa :

Sep 03 11:37:00 [IKEv1]: Group = <IP Checkpoint>, IP = <IP Checkpoint>, QM FSM error (P2 struct &0xc93a87c8, mess id 0x9c4ac0f)!

Sep 03 11:37:00 [IKEv1]: Group = <IP Checkpoint>, IP = <IP Checkpoint>, Removing peer from correlator table failed, no match!

Can anyone tell me what the meaning of that message error?

Thx,

msi

2 REPLIES

Re: site to site vpn asa and checkpoint

From http://www.cisco.com/en/US/tech/tk583/tk372/technologies_tech_note09186a00800949c5.shtml#qms:

One possible reason is the proxy identities, such as interesting traffic, Access Control List (ACL) or crypto ACL, do not match on both the ends. Check the configuration on both the devices, and make sure that the crypto ACLs match.

Re: site to site vpn asa and checkpoint

This is an IKE phase 1 error, you need to check what the remote end is using as identity, IP Address or Certifate.

Also check what you are using for your IKE identity.

HTH>

1123
Views
0
Helpful
2
Replies
CreatePlease to create content