
%ASA-3-713902: QM FSM error


Tilman Schmidt

Feb 19, 2008, 10:16:23 AM
An ASA 5510 running ASA software version 7.2(3) as an IPSec LAN2LAN
VPN gateway is spamming the log with bursts of messages:

Feb 18 06:40:12 x.x.x.x %ASA-5-713904: Group = y.y.y.y, IP = y.y.y.y, All IPSec SA proposals found unacceptable!
Feb 18 06:40:12 x.x.x.x %ASA-3-713902: Group = y.y.y.y, IP = y.y.y.y, QM FSM error (P2 struct &0x472b280, mess id 0xd375a6ce)!
Feb 18 06:40:12 x.x.x.x %ASA-3-713902: Group = y.y.y.y, IP = y.y.y.y, Removing peer from correlator table failed, no match!

Where x.x.x.x is the IP address of the ASA in question and y.y.y.y is
the IP address of the IPSec peer, a PIX 515 running version 6.3(5).
The hex values behind "QM FSM error" vary.

These three lines typically repeat every 5 seconds for 2-3 minutes and
then stop. The CCO Error Message Decoder is particularly unhelpful on
message 713902 and doesn't even know message 713904.

Ideas?

TIA
T.

--
Please excuse my bad English/German/French/Greek/Cantonese/Klingon/...

Tilman Schmidt

Feb 20, 2008, 6:45:34 PM
On 19.02.2008 16:16 I wrote:
> An ASA 5510 running ASA software version 7.2(3) as an IPSec LAN2LAN
> VPN gateway is spamming the log with bursts of messages:
>
> Feb 18 06:40:12 x.x.x.x %ASA-5-713904: Group = y.y.y.y, IP = y.y.y.y, All IPSec SA proposals found unacceptable!
> Feb 18 06:40:12 x.x.x.x %ASA-3-713902: Group = y.y.y.y, IP = y.y.y.y, QM FSM error (P2 struct &0x472b280, mess id 0xd375a6ce)!
> Feb 18 06:40:12 x.x.x.x %ASA-3-713902: Group = y.y.y.y, IP = y.y.y.y, Removing peer from correlator table failed, no match!

Found and fixed a mismatch between the IP address ranges associated with
the crypto maps on both ends. It looks like the messages have stopped since.

HTH
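
Log triage for the pattern discussed in this thread, as an added example that is not part of the original posts: it groups 713904 and 713902 lines into per-peer bursts, so the peer whose crypto map settings need comparing on both ends stands out. The addresses, the assumed year (syslog timestamps carry none) and the 30-second gap threshold are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: three message cycles in the format quoted in the thread.
# 192.0.2.1 (ASA) and 198.51.100.7 (peer) are placeholder addresses.
CYCLE = (
    "Feb 18 {t} 192.0.2.1 %ASA-5-713904: Group = {p}, IP = {p}, All IPSec SA proposals found unacceptable!\n"
    "Feb 18 {t} 192.0.2.1 %ASA-3-713902: Group = {p}, IP = {p}, QM FSM error (P2 struct &0x472b280, mess id 0xd375a6ce)!\n"
    "Feb 18 {t} 192.0.2.1 %ASA-3-713902: Group = {p}, IP = {p}, Removing peer from correlator table failed, no match!\n"
)
SAMPLE = "".join(CYCLE.format(t=t, p="198.51.100.7")
                 for t in ("06:40:12", "06:40:17", "06:55:00"))

# timestamp, logging host (ignored), message number, peer, free-text detail
LINE_RE = re.compile(
    r"^(\w{3}\s+\d+ [\d:]{8}) \S+ %ASA-\d-(\d{6}): Group = ([^,]+), IP = [^,]+, (.*)$")

def phase2_reject_bursts(text, year=2008, max_gap=timedelta(seconds=30)):
    """Return one dict per burst of rejected IPSec SA negotiations, per peer."""
    bursts, current = [], {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group(2) not in ("713904", "713902"):
            continue  # unrelated or unparseable line
        stamp, msg_id, peer, detail = m.groups()
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        b = current.get(peer)
        if b is None or when - b["last"] > max_gap:
            # Quiet period exceeded: start a new burst for this peer.
            b = {"peer": peer, "first": when, "last": when, "rejected": 0, "qm_fsm": 0}
            current[peer] = b
            bursts.append(b)
        b["last"] = when
        if msg_id == "713904":
            b["rejected"] += 1   # "All IPSec SA proposals found unacceptable"
        elif detail.startswith("QM FSM error"):
            b["qm_fsm"] += 1     # the hex values after this text vary per line
    return bursts

if __name__ == "__main__":
    for b in phase2_reject_bursts(SAMPLE):
        span = int((b["last"] - b["first"]).total_seconds())
        print(f'{b["peer"]}: {b["rejected"]} rejected proposals, '
              f'{b["qm_fsm"]} QM FSM errors over {span}s from {b["first"]}')
```
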
