[c-nsp] Upgrade pix from 6.3(5) to 7.2(1) , L2L vpn with ca doesn't work

[Zacchello Marco]

Hi all

We have upgraded our pix515E from 6.3(5) to 7.2(1).
We have a L2L vpn using certificates, who works well with old ver, but
with the new ver dowsn't work.
The vpn is from our pix515E to a cisco 7206VXR (NPE300) Version
12.2(10).
The 'automatic' config translation between 6.3 and 7.2 doesn't work
well, so I reconfigured it manually.
I get the certificate from the CA, the vpn start, but after some time
stop and restart causing problem to the remote users.

This is the logs about the issue:

%PIX-3-713902: Group = A.B.C.D, IP = A.B.C.D, QM FSM error (P2 struct
&0x2ee3c20, mess id 0x2f953877)!
%PIX-3-713902: Group = A.B.C.D, IP = A.B.C.D, Removing peer from
correlator table failed, no match!
%PIX-3-713134: Group = A.B.C.D, IP = A.B.C.D, Mismatch: P1
Authentication algorithm in the crypto map entry different from
negotiated algorithm for the L2L connection


We have checked the configuration and certificates with the CA
administrator and with the administrator of the c7200, and everything
looks ok.
I have only a doubt about the some differences on the certificates
before and after the upgrade:

unstructuredName=Pix3.test.it/CN=Pix3.test.it  (pix635.bin)
unstructuredName=Pix3.test.it  (pix721.bin)

Can you help me?
Any ideas or bug?

Regards

Marco