
	Home > Ask the Networking Experts > Network security with Puneet Mehta Questions & Answers > What network security threat does a QM FSM error pose in IPsec VPNs?

Ask The Networking Expert: Questions & Answers

EMAIL THIS

What network security threat does a QM FSM error pose in IPsec VPNs?

EXPERT RESPONSE FROM: Puneet Mehta

		Pose a Question

		Other Networking Categories

		Meet all Networking Experts
		Become an Expert for this site

Digg This!

StumbleUpon

Del.icio.us

QUESTION POSED ON: 14 August 2008
I have configured an IPsec LAN-to-LAN VPN on a Cisco concentrator on my side and the client end has a Cisco PIX firewall.
When I see filter logs in my concentrator, it's showing that the tunnel is established and it's also showing a QM FSM error.
Sample of log is as below:
12391 02/27/2008 21:26:00.970 SEV=4 IKEDBG/97 RPT=5664 x.x.x.x Group [x.x.x.x] QM FSM error (P2 struct &0xe6cc160, mess id 0x3abad321)! 12381 02/27/2008 21:25:50.960 SEV=4 IKE/41 RPT=50043 x.x.x.x Group [x.x.x.x] IKE Initiator: New Phase 2, Intf 2, IKE Peer x.x.x.x local Proxy Address x.x.x.0, remote Proxy Address x.x.x.0, SA (L2L: Enabil-Tunnel)

What kind of security threat does this pose, and how do I fix it?

EXPERT RESPONSE
The QM FSM error message appears because the IPsec L2L VPN tunnel does not come up on the PIX firewall or ASA properly.

One possible reason is the proxy identities, such as interesting traffic, Access Control List (ACL) or crypto ACL, do not match on both the ends. Check the configuration on both the devices, and make sure that the crypto ACLs match.

Digg This!

StumbleUpon

Del.icio.us

RELATED CONTENT

	Network security with Puneet Mehta
	Controlling network access by MAC address restriction on wired networks
	Retrieve network resources and email after installing ISA Server 2004
	How to block porn with ISA-server firewalls
	Who is responsible for updating network firewalls?
	How to locate the lost IP address of an access point (AP)
	What HIPPA-compliant software would you recommend for online medicine?
	To simulate voice over IPSec VPNs which simulators work?
	How to set passwords on folders in Windows 2003 servers
	What commands allow network traffic to pass through PIX firewalls?
	For an SMB firewall, what features should I look at?

Network Monitoring

Network management software vendors offer virtualization management

Hospital gains network visibility by convincing vendors to collaborate

NagVis -- 'Nagios: System and Network Monitoring, Second Edition,' Chapter 18

Monitoring your enterprise network with Solarwinds' ipMonitor

Retrospective network analysis might have found Google's lost billions

What correlation does ping latency have with high server activity?

Measure wireless network performance using testing tool iPerf

Why wireless network cards show activity when no one uses the computer

WildPackets' packet analysis tool helps newspaper fix network problems

Networking data visualization not just for pointy-headed bosses

Network Monitoring Research

RELATED GLOSSARY TERMS

Terms from Whatis.com − the technology online dictionary

10-high-day busy period (SearchNetworking.com)

ACK (SearchNetworking.com)

baseboard management controller (SearchNetworking.com)

call failure rate (SearchNetworking.com)

jam (SearchNetworking.com)

Jini (SearchNetworking.com)

maximum segment size (SearchNetworking.com)

maximum transmission unit (SearchNetworking.com)

netstat (SearchNetworking.com)

network tracking tool (SearchNetworking.com)

RELATED RESOURCES

2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems

Search Bitpipe.com for the latest white papers and business webcasts

Whatis.com, the online computer dictionary

Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.

Browse our Expert Advice
Operating Systems IT Management Networking Database	Security Servers and Storage Applications and Development Career Center

Expert networking advice and tips for IT professionals

SEARCH

TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.


TechTarget Corporate Web Site \| Media Kits \| Reprints \| Site Map All Rights Reserved, Copyright 2000 - 2008, TechTarget \| Read our Privacy Policy