Cisco PIX 515
Pix Ver: 7.2(4)
ASDM Ver: 5.2(4)
I recently upgraded our PIX from 6.3 to 7.2 in order to do L2TP/IPSEC VPN with our Windows Clients. Currently we have 4 site to site static VPN tunnels which were all converted during the upgrade. After installing ASDM, I ran the ASDM VPN Wizard following the instructions from the Cisco website for L2TP/ISA setup ( http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00807213a7.shtml
). You can watch me running the wizard here ( http://screencast.com/t/VDvMYV5E1
When I attempt to connect from a remote Vista or XP machine, I get 'Error 789: The L2TP connection attempt failed because the security layer encountered a processing error during inital negotiations with the remote computer.' Watching the log in ASDM, I see PHASE 1 COMPLETED followed by QM FSM error (P2 struct &0x2dbce00, mess id 0x1)!, Removing peer from correlator table failed, no match!, Remove peer from peer table no match!.
When I searched the Cisco site for QM FSM error, only thing it mentioned was an issue with sequence numbers, but mentions that there can only be 1 dynamic map for each interface which I think may be part of the issue.
Full running config and debug attached (txt). Modified external ip-addresses and passwords in the config for some security.
Here is a snip of the config for the crypto section, any help would be appriciated.
crypto ipsec transform-set myset esp-3des esp-sha-hmac
crypto ipsec transform-set TRANS_ESP_3DES_MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set TRANS_ESP_3DES_MD5 mode transport
crypto dynamic-map dynmap 20 set transform-set myset
crypto dynamic-map dynmap 40 set transform-set TRANS_ESP_3DES_MD5
crypto map mymap 10 match address texas
crypto map mymap 10 set peer 72.245.149.xxx
crypto map mymap 10 set transform-set myset
crypto map mymap 11 match address oklahoma
crypto map mymap 11 set peer 69.8.25.xxx
crypto map mymap 11 set transform-set myset
crypto map mymap 12 match address canada
crypto map mymap 12 set peer 205.206.59.xxx
crypto map mymap 12 set transform-set myset
crypto map mymap 13 match address colorado
crypto map mymap 13 set peer 69.85.69.xxx
crypto map mymap 13 set transform-set myset
crypto map mymap 20 ipsec-isakmp dynamic dynmap
crypto map mymap interface outside
crypto isakmp identity address
crypto isakmp enable outside
crypto isakmp policy 10
crypto isakmp policy 30