From: Plank, Jason (Jason_Plank@condenast.com)
Date: Mon May 07 2007 - 09:39:45 ART
Phase 2 mismatch. Post configs from both devices.
Jason Plank, CCIE# 16560
Senior Network Engineer
Conde Nast Publications
1201 North Market St.
Wilmington, DE 19808
Email: Jason_Plank@CondeNast.com
Office: 302-830-4910
Cell: 302-290-0387
-----Original Message-----
From: Taiwo Efunogbon [mailto:taiwo.efunogbon@gmail.com]
Sent: Monday, May 07, 2007 08:37 AM Eastern Standard Time
To: ccielab@groupstudy.com
Subject: LAN-to-LAN VPN using the ASDM on ASA5505 and a PIX515
Hello GS,
I am configuring a LAN-to-LAN VPN using the ASDM on ASA5505 and a PIX515.
I do have a completed Phase 1. But the Phase 2 keeps coming up with the
following error on the ASA:
All IPSec SA proposals found unacceptable!
QM FSM error (P2 struct &0x3bd89b0, mess id 0x46e2e95d)!
I have checked the transform-sets and that seems OK, SA Lifetimes are OK as
well.
I'll appreciate an idea on how to fix this.
-- Rgds Taiwo EfunogbonOutput from ASA:
4 May 07 2007 03:33:47 113019 Group = 195.54.x.x, Username = 195.54.x.x, IP = 195.54.x.x, Session disconnected. Session Type: IPSecLAN2LAN, Duration: 0h:00m:00s, Bytes xmt: 0, Bytes rcv: 0, Reason: Phase 2 Mismatch 3 May 07 2007 03:33:47 713902 Group = 195.54.x.x, IP = 195.54.x.x, Removing peer from correlator table failed, no match! 3 May 07 2007 03:33:47 713902 Group = 195.54.x.x, IP = 195.54.x.x, QM FSM error (P2 struct &0x3c48e70, mess id 0x9580a93e)! 5 May 07 2007 03:33:47 713904 Group = 195.54.x.x, IP = 195.54.x.x, All IPSec SA proposals found unacceptable! 3 May 07 2007 03:33:47 713119 Group = 195.54.x.x, IP = 195.54.x.x, PHASE 1 COMPLETED
This archive was generated by hypermail 2.1.4 : Fri Jun 01 2007 - 06:55:20 ART