I am trying to connect to a Cisco ASA5520 Version 8.2(2)5 via the firmware's
built-in VPN client but always run into error 28G "PH1 Connection Expired".

I use a SunRay 2FS, firmware GUI4.1_139548-03_2009.10.26.15.43. I read about
some firmware versions containing bugs but didn't see this version in the list
of bad ones. It's from Patch 127553-08 for SRSS 4.0.

Phase I of the VPN connection seems to be o.k.

The ASA says:

2010-03-15T15:12:00+0100 15:12:00 CET 153.96.96.1 [err] %ASA-3-713122: IP = 10.68.129.101, Keep-alives configured on but peer does not support keep-alives (type = None)
2010-03-15T15:12:00+0100 15:12:00 CET 153.96.96.1 [err] %ASA-3-713902: Group = vpnclients, Username = buerger, IP = 10.68.129.101, QM FSM error (P2 struct &0xce6a4740, mess id 0x31eca7ea)!
2010-03-15T15:12:00+0100 15:12:00 CET 153.96.96.1 [err] %ASA-3-713902: Group = vpnclients, Username = buerger, IP = 10.68.129.101, Removing peer from correlator table failed, no match!
2010-03-15T15:12:00+0100 15:12:00 CET 153.96.96.1 [warning] %ASA-4-113019: Group = vpnclients, Username = buerger, IP = 10.68.129.101, Session disconnected. Session Type: IKE, Duration: 0h:00m:13s, Bytes xmt: 0, Bytes rcv: 0, Reason: Phase 2 Mismatch

I tried some changes to lifetimes and DH groups, but (besides some additional
logs informing about the use of the DH groups) the ASA logged the same messages
(the P2 struct etc. of the "QM FSM error" varies).

Are there any critical settings in the ASA config to check?
_______________________________________________
SunRay-Users mailing list
[email protected]
http://www.filibeto.org/mailman/listinfo/sunray-users
