CISCO 1841 - VPN Error - Reason 433

shanegoodwin
Level 1

A couple months ago we had this exact same problem, and this week it cropped up again.

Users report that they will be able to connect to the VPN successfully, but later in the day they will try to connect and receive the message:

Secure VPN connection terminated by peer

Reason 433: (Reason not specified by Peer)

I assume this is sporadic because it might only be happening when multiple users are connecting to the VPN at the same time.

I have seen other forums discuss using a command to resolve the issue:

isakmp nat-t

for NAT traversal, however this command is not recognized when I try to enter it into the config.

Please, any help would be greatly appreciated.

I think it may also be important to mention that the issue seems to go away after power cycling the router, at least for a few weeks. I'm not sure if this is a coincidence.

Thank you in advance.

12 Replies

garyrivers
Level 1

We have pretty much the same issue.

But as you said, the issue is so sporadic that we can't really troubleshoot it.

Gary

The odd thing is, after I reset the router it goes away for a while. I'm wondering if it has to do with the "Cache Size" setting on the IP pool setup section of the VPN configuration. I'm not sure what the Cache Size means, but it is set to 20 and the number of IP addresses is only 10. Perhaps it is caching more than 10 users on the 10 IPs, or something. Cache Size is not described in any documentation, so I'm afraid to change it!

I think that is the answer!

Pool Name Column

The name of the IP address pool

IP Address Range Column

The IP address range for the selected pool. A range of 2.2.2.0 to 2.2.2.254 provides 255 addresses.

Cache Size Column

The size of the cache for this pool.

Try checking that value. If it is greater than the number of IP addresses in your pool, you will encounter issues.

Are you talking about this line:

ip local pool SDM_POOL_1 10.31.40.1 10.31.40.250

in the config?

Otherwise I don't see where you are referring.

Gary

It is somewhere in that area of the config. If you get to the properties of one of those items, there will be boxes to change values, etc.

One of them is "Cache Size"

Are you configuring the VPN via a GUI or CLI?

I accessed this particular option through the GUI (SDM). Not sure where to find it in the CLI config.

I brought up the SDM. Which page were you referring to?

CONFIGURE TAB --> Additional Tasks (on left) --> Local Pools --> SDM_POOL_## --> Cache Size

I just changed mine to 10 since that's the pool size I have. I hope this fixes it.

Also, under:

CONFIGURE TAB --> VPN (on left) --> VPN --> VPN Components --> Easy VPN Server --> Group Policies --> Group Name (double click on it)

You can change the number of maximum connections at a time. Mine was set to 5. Maybe that was too few also.

*shrug*

Okay, thanks.

I've finally caught up to ya.

My "Max.Connections Allowed" doesn't have a # in it.

Good/Bad?

The Local Cache field had 20 in it as well.

How would one do this via command line? I don't have SDM on my router...

I found it - you simply add a cache-size x to the end of your local pool. So for me it was:

ip local pool EZVPN_POOL_1 192.168.12.10 192.168.12.20 cache-size 10

Cheers,

Josh
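
The check discussed in this thread, comparing each pool's cache size with its inclusive address count, can be run over a saved config. This is an added example, not code from any poster or from Cisco; `SMALL_POOL` and its addresses are constructed, and treating a missing `cache-size` as 20 is an assumption based on the value reported from SDM above.

```python
import ipaddress
import re

# Assumption: cache size applied when a pool line has no cache-size keyword.
# 20 is the value both posters reported seeing in SDM.
ASSUMED_DEFAULT_CACHE = 20

POOL_RE = re.compile(
    r"^\s*ip local pool (?P<name>\S+) (?P<first>[\d.]+)"
    r"(?: (?P<last>[\d.]+))?(?: cache-size (?P<cache>\d+))?\s*$"
)

# Constructed sample: the first two lines are quoted in the thread; SMALL_POOL
# is hypothetical and mirrors a 10-address pool left at cache size 20.
SAMPLE_CONFIG = """\
ip local pool SDM_POOL_1 10.31.40.1 10.31.40.250
ip local pool EZVPN_POOL_1 192.168.12.10 192.168.12.20 cache-size 10
ip local pool SMALL_POOL 192.168.50.1 192.168.50.10
"""

def audit_pools(config_text, default_cache=ASSUMED_DEFAULT_CACHE):
    """Return one dict per pool line: name, size, cache, oversized."""
    results = []
    for line in config_text.splitlines():
        m = POOL_RE.match(line)
        if not m:
            continue
        try:
            first = ipaddress.IPv4Address(m["first"])
            last = ipaddress.IPv4Address(m["last"] or m["first"])
        except ipaddress.AddressValueError:
            continue  # not a valid IPv4 address, skip the line
        size = int(last) - int(first) + 1  # range is inclusive at both ends
        if size < 1:
            continue  # reversed range, skip the line
        cache = int(m["cache"]) if m["cache"] else default_cache
        results.append({"name": m["name"], "size": size, "cache": cache,
                        "oversized": cache > size})
    return results

if __name__ == "__main__":
    for p in audit_pools(SAMPLE_CONFIG):
        flag = "cache-size exceeds pool" if p["oversized"] else "ok"
        print(f'{p["name"]}: {p["size"]} addresses, cache-size {p["cache"]}: {flag}')
```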
