QM FSM error

Getting “QM FSM error” while establishing a Cisco VPN?  Particularly site-to-site and even more particularly with IOS on one end and a Pix/ASA on the other?

Go to the Pix/ASA side and remove Perfect Forward Secrecy (PFS).  Rather than tell you it’s incompatible, it just barfs because it can’t read it (because it’s you know… encrypted).

no cryptomap outside 1 set pfs group2

If anyone finds a better error message than the ubiquitous “QM FSM error” let me know and I will post it.


, , , , , , , ,

  1. #1 by M Junaid on June 5th, 2012

    Thanks lot , it works, its perfect solution.

  2. #2 by Thanks! on December 19th, 2014

    Thanks, it worked really well! 🙂

(will not be published)

  1. No trackbacks yet.