What could be the potential problem?

You are trying to set up a site-to-site IPsec tunnel between two Cisco ASA adaptive
security appliances, but you are not able to pass traffic. You try to troubleshoot the
issue by enabling debug crypto isakmp and see the following messages:
CiscoASA# debug crypto isakmp
[IKEv1]: Group = 209.165.200.231, IP = 209.165.200.231, Tunnel RejecteD. Conflicting
protocols specified by tunnel-group and group-policy
[IKEv1]: Group = 209.165.200.231, IP = 209.165.200.231, QM FSM error (P2 struct
&0xb0cf31e8, mess id 0x97d965e5)!
[IKEv1]: Group = 209.165.200.231, IP = 209.165.200.231, Removing peer from
correlator table failed, no match!
What could be the potential problem?

You are trying to set up a site-to-site IPsec tunnel between two Cisco ASA adaptive
security appliances, but you are not able to pass traffic. You try to troubleshoot the
issue by enabling debug crypto isakmp and see the following messages:
CiscoASA# debug crypto isakmp
[IKEv1]: Group = 209.165.200.231, IP = 209.165.200.231, Tunnel RejecteD. Conflicting
protocols specified by tunnel-group and group-policy
[IKEv1]: Group = 209.165.200.231, IP = 209.165.200.231, QM FSM error (P2 struct
&0xb0cf31e8, mess id 0x97d965e5)!
[IKEv1]: Group = 209.165.200.231, IP = 209.165.200.231, Removing peer from
correlator table failed, no match!
What could be the potential problem?

A.
The policy group mapped to the site-to-site tunnel group is configured to use both
IPsec and SSL VPN tunnels.

B.
The policy group mapped to the site-to-site tunnel group is configured to use both
IPsec and L2TP over IPsec tunnels.

C.
The policy group mapped to the site-to-site tunnel group is configured to just use the
SSL VPN tunnel.

D.
The site-to-site tunnel group is configured to use both IPsec and L2TP over IPsec
tunnels.

E.
The site-to-site tunnel group is configured to just use the SSL VPN tunnel.



Leave a Reply 0

Your email address will not be published. Required fields are marked *