CISCO 1841 - VPN Error - Reason 433

Aug 15th, 2007

A couple months ago we had this exact same problem, and this week it cropped up again.

Users report that they will be able to connect to the VPN successfully, but later in the day they will try to connect and receive the message:

Secure VPN connection terminated by peer

Reason 433: (Reason not specified by Peer)

I assume this is sporadic because it might only be happening when multiple users are connecting to the VPN at the same time.

I have seen other forums discuss using a command to resolve the issue:

isakmp nat-t

for NAT traversal; however, this command is not recognized when I try to enter it into the config.

Please, any help would be greatly appreciated.

I think it may also be important to mention that the issue seems to go away after power cycling the router, at least for a few weeks. I'm not sure if this is a coincidence.

Thank you in advance.

garyrivers Mon, 08/20/2007 - 07:30

We have pretty much the same issue.

But as you said, the issue is so sporadic that we can't really troubleshoot it.


shanegoodwin Mon, 08/20/2007 - 07:35

The odd thing is, after I reset the router it goes away for a while. I'm wondering if it has to do with the "Cache Size" setting on the IP pool setup section of the VPN configuration. I'm not sure what the Cache Size means, but it is set to 20 and the number of IP addresses is only 10. Perhaps it is caching more than 10 users on the 10 IPs, or something. Cache Size is not described in any documentation, so I'm afraid to change it!

shanegoodwin Mon, 08/20/2007 - 07:37

I think that is the answer!

Pool Name Column

The name of the IP address pool

IP Address Range Column

The IP address range for the selected pool. A range of to provides 255 addresses.

Cache Size Column

The size of the cache for this pool.

Try checking that value. If it is greater than the number of IP addresses in your pool, you will encounter issues.

garyrivers Mon, 08/20/2007 - 07:48

Are you talking about this line:

ip local pool SDM_POOL_1

in the config?

Otherwise I don't see where you are referring.


shanegoodwin Mon, 08/20/2007 - 07:54

It is somewhere in that area of the config. If you get to the properties of one of those items, there will be boxes to change values, etc.

One of them is "Cache Size"

shanegoodwin Mon, 08/20/2007 - 07:59

I accessed this particular option through the GUI (SDM). Not sure where to find it in the CLI config.

shanegoodwin Mon, 08/20/2007 - 10:33

CONFIGURE TAB --> Additional Tasks (on left) --> Local Pools --> SDM_POOL_## --> Cache Size

I just changed mine to 10 since that's the pool size I have. I hope this fixes it.

Also, under:

CONFIGURE TAB --> VPN (on left) --> VPN --> VPN Components --> Easy VPN Server --> Group Policies --> Group Name (double click on it)

You can change the number of maximum connections at a time. Mine was set to 5. Maybe that was too few also.


garyrivers Mon, 08/20/2007 - 10:58

Okay, thanks.

I've finally caught up to ya.

My "Max.Connections Allowed" doesn't have a # in it.

The Local Cache field had 20 in it as well.

jdcrowder Tue, 08/19/2008 - 09:22

How would one do this via command line? I don't have SDM on my router...

jdcrowder Tue, 08/19/2008 - 10:23

I found it - you simply add a cache-size x to the end of your local pool. So for me it was:

ip local pool EZVPN_POOL_1 cache-size 10



