%ASA-3-713902: QM FSM error

Discussion in 'Cisco' started by Tilman Schmidt, Feb 19, 2008.

  1. An ASA 5510 running ASA software version 7.2(3) as an IPSec LAN2LAN
    VPN gateway is spamming the log with bursts of messages:

    Feb 18 06:40:12 x.x.x.x %ASA-5-713904: Group = y.y.y.y, IP = y.y.y.y, All IPSec SA proposals found unacceptable!
    Feb 18 06:40:12 x.x.x.x %ASA-3-713902: Group = y.y.y.y, IP = y.y.y.y, QM FSM error (P2 struct &0x472b280, mess id 0xd375a6ce)!
    Feb 18 06:40:12 x.x.x.x %ASA-3-713902: Group = y.y.y.y, IP = y.y.y.y, Removing peer from correlator table failed, no match!

    Where x.x.x.x is the IP address of the ASA in question and y.y.y.y is
    the IP address of the IPSec peer, a PIX 515 running version 6.3(5).
    The hex values behind "QM FSM error" vary.

    These three lines typically repeat every 5 seconds for 2-3 minutes and
    then stop. The CCO Error Message Decoder is particularly unhelpful on
    message 713902 and doesn't even know message 713904.

    Ideas?

    TIA
    T.

    --
    Please excuse my bad English/German/French/Greek/Cantonese/Klingon/...
     
    Tilman Schmidt, Feb 19, 2008
    #1
    1. Advertising

  2. On 19.02.2008 16:16 I wrote:
    > An ASA 5510 running ASA software version 7.2(3) as an IPSec LAN2LAN
    > VPN gateway is spamming the log with bursts of messages:
    >
    > Feb 18 06:40:12 x.x.x.x %ASA-5-713904: Group = y.y.y.y, IP = y.y.y.y, All IPSec SA proposals found unacceptable!
    > Feb 18 06:40:12 x.x.x.x %ASA-3-713902: Group = y.y.y.y, IP = y.y.y.y, QM FSM error (P2 struct &0x472b280, mess id 0xd375a6ce)!
    > Feb 18 06:40:12 x.x.x.x %ASA-3-713902: Group = y.y.y.y, IP = y.y.y.y, Removing peer from correlator table failed, no match!


    Found and fixed a mismatch between the IP address ranges associated with
    the crypto maps on both ends. It looks like the messages have stopped since.

    HTH
    T.

    --
    Please excuse my bad English/German/French/Greek/Cantonese/Klingon/...
     
    Tilman Schmidt, Feb 20, 2008
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. IPSec FSM

    , Mar 9, 2005, in forum: Cisco
    Replies:
    3
    Views:
    792
    Ivan OstreŇ°
    Mar 10, 2005
  2. Replies:
    3
    Views:
    827
  3. FSM Diagrams

    , Jan 21, 2007, in forum: Computer Support
    Replies:
    5
    Views:
    1,953
    Anonymous
    Jan 23, 2007
  4. Replies:
    1
    Views:
    3,372
  5. Tilman Schmidt
    Replies:
    1
    Views:
    2,623
    Thrill5
    Oct 22, 2008
Loading...

Share This Page