What could be the potential problem?

You are trying to set up a site-to-site IPsec tunnel between two Cisco ASA adaptive security appliances, but you are not able to pass traffic. You try to troubleshoot the issue by enabling debug crypto isakmp and see the following messages:

CiscoASA# debug crypto isakmp

[IKEv1]: Group = 209.165.200.231, IP = 209.165.200.231, Tunnel Rejected: Conflicting protocols specified by tunnel-group and group-policy

[IKEv1]: Group = 209.165.200.231, IP = 209.165.200.231, QM FSM error (P2 struct &0xb0cf31e8, mess id 0x97d965e5)!

[IKEv1]: Group = 209.165.200.231, IP = 209.165.200.231, Removing peer from correlator table failed, no match!

What could be the potential problem?

You are trying to set up a site-to-site IPsec tunnel between two Cisco ASA adaptive security appliances, but you are not able to pass traffic. You try to troubleshoot the issue by enabling debug crypto isakmp and see the following messages:

CiscoASA# debug crypto isakmp

[IKEv1]: Group = 209.165.200.231, IP = 209.165.200.231, Tunnel Rejected: Conflicting protocols specified by tunnel-group and group-policy

[IKEv1]: Group = 209.165.200.231, IP = 209.165.200.231, QM FSM error (P2 struct &0xb0cf31e8, mess id 0x97d965e5)!

[IKEv1]: Group = 209.165.200.231, IP = 209.165.200.231, Removing peer from correlator table failed, no match!

What could be the potential problem?

A.
The policy group mapped to the site-to-site tunnel group is configured to use both IPsec and SSL VPN tunnels.

B.
The policy group mapped to the site-to-site tunnel group is configured to use both IPsec and L2TP over IPsec tunnels.

C.
The policy group mapped to the site-to-site tunnel group is configured to just use the SSL VPN tunnel.

D.
The site-to-site tunnel group is configured to use both IPsec and L2TP over IPsec tunnels.

E.
The site-to-site tunnel group is configured to just use the SSL VPN tunnel.



Leave a Reply 0

Your email address will not be published. Required fields are marked *