L2L IPSec VPN between SRX and ASA, only establish this tunnel from ASA-side.
swanduron
My topology is as follows:
R1 --- SRX --- ASA --- R3
The SRX has been configured with a route-based IPSec L2L tunnel with st0.0 unnumbered, and the ASA has been configured with standard L2L IPSec. With my configuration, the tunnel will be established when R1 and R3 send ICMP traffic to each other.
Up to this point, everything is fine: I configured all devices successfully and never received any error messages. But then, the situation is not so lucky. I can only trigger this tunnel to be established from R3 to R1. If I clear all IKE SAs on the SRX and ASA and send ICMP traffic from R1 to R3, I receive the following error messages:
Nov 30 01:55:26 [IKEv1]: Group = 192.168.57.5, IP = 192.168.57.5, Removing peer from correlator table failed, no match!
Nov 30 01:55:40 [IKEv1]: Group = 192.168.57.5, IP = 192.168.57.5, QM FSM error (P2 struct &0xd07ee310, mess id 0x4b8036f3)!
Nov 30 01:55:40 [IKEv1]: Group = 192.168.57.5, IP = 192.168.57.5, Removing peer from correlator table failed, no match!
Nov 30 01:55:41 [IKEv1]: Group = 192.168.57.5, IP = 192.168.57.5, QM FSM error (P2 struct &0xd07ee310, mess id 0xf7f03d93)!
Nov 30 01:55:41 [IKEv1]: Group = 192.168.57.5, IP = 192.168.57.5, Removing peer from correlator table failed, no match!
I am sure all configurations are correct. Can anyone help me? Eee..... Can I upload my configuration file to the forum?
Thx a lot!!!!! This problem has tortured me for a whole night!!!
Comments
unclerico
I'm not an SRX guru, but can you change it to use a policy-based VPN?
hasan1507
Check if this link helps you; I guess it is the same issue.
Removing peer from correlator table failed, no match! | Techie Tips IT Guides, Tutorials and Tips
swanduron
----> unclerico
In this topology, policy-based L2L VPN works fine. This issue occurs when I modify the configuration to route-based L2L VPN.
----> hasan1507
Thank you for your help, this web page is very helpful to me. I will try it tonight.
But I have a question: if the IPSec L2L peers have different interesting traffic lists, that may cause some sub-networks to be unreachable, is that right?
hasan1507
Sorry, I could not get what you are saying?
swanduron
Ee.....
I think I understand what you mean. I think the method on the website you mentioned is only to modify the proxy-identity side.
hasan1507
Yes, exactly. I have seen issues if the proxy-id is not right.
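
Added example, not part of the thread: a Python triage of the ASA log lines quoted in the first post, counting Quick Mode (IKE Phase 2) failures per peer. The function name `triage` and the report field names are assumptions made for this example.

```python
import re
from collections import defaultdict

# Log lines copied from the first post of this thread (ASA IKEv1 output).
SAMPLE_LOG = """\
Nov 30 01:55:26 [IKEv1]: Group = 192.168.57.5, IP = 192.168.57.5, Removing peer from correlator table failed, no match!
Nov 30 01:55:40 [IKEv1]: Group = 192.168.57.5, IP = 192.168.57.5, QM FSM error (P2 struct &0xd07ee310, mess id 0x4b8036f3)!
Nov 30 01:55:40 [IKEv1]: Group = 192.168.57.5, IP = 192.168.57.5, Removing peer from correlator table failed, no match!
Nov 30 01:55:41 [IKEv1]: Group = 192.168.57.5, IP = 192.168.57.5, QM FSM error (P2 struct &0xd07ee310, mess id 0xf7f03d93)!
Nov 30 01:55:41 [IKEv1]: Group = 192.168.57.5, IP = 192.168.57.5, Removing peer from correlator table failed, no match!
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \[IKEv1\]: "
    r"Group = (?P<group>[^,]+), IP = (?P<ip>[^,]+), (?P<msg>.*)$"
)
# "QM" is IKEv1 Quick Mode, i.e. the Phase 2 (IPsec SA) negotiation.
QM_RE = re.compile(r"QM FSM error \(P2 struct &0x[0-9a-f]+, mess id (?P<mid>0x[0-9a-f]+)\)")


def triage(log_text):
    """Return {peer_ip: summary} for every peer with Quick Mode failures."""
    peers = defaultdict(lambda: {"qm": [], "correlator": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not an IKEv1 peer line in the expected format
        entry = peers[m["ip"]]
        qm = QM_RE.search(m["msg"])
        if qm:
            entry["qm"].append((m["ts"], qm["mid"]))
        elif "Removing peer from correlator table failed" in m["msg"]:
            entry["correlator"] += 1
    report = {}
    for ip, e in peers.items():
        if e["qm"]:
            report[ip] = {
                "phase2_failures": len(e["qm"]),
                # Each new message id is a separate Quick Mode attempt.
                "distinct_message_ids": len({mid for _, mid in e["qm"]}),
                "correlator_failures": e["correlator"],
                "first_seen": e["qm"][0][0],
            }
    return report


if __name__ == "__main__":
    for ip, summary in triage(SAMPLE_LOG).items():
        print(ip, summary)
```

Repeated Quick Mode failures with new message ids for the same peer mean Phase 2 is being retried and rejected, which fits the proxy-id mismatch discussed in the comments above.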