Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
267
Views
0
Helpful
2
Replies

RA VPN Hanging

whisperwind
Level 1
Level 1

‎09-13-2007 09:09 AM - edited ‎03-11-2019 04:10 AM

I have an ASA (5510) that is running 8.02, it needs to terminate VPNs on its outside interface, I have developed what I believe is a good config but its not working, I get the following error message...

Sep 13 04:37:42 [IKEv1]: Group = USERVPN, IP = x.x.x.103, Removing peer from peer table failed, no match!

Sep 13 04:37:42 [IKEv1]: Group = USERVPN, IP = x.x.x.103, Error: Unable to remove PeerTblEntry

Here is the configuration:

crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac

crypto ipsec transform-set XFORMSET-AES-SHA esp-aes-256 esp-sha-hmac

crypto dynamic-map OUTSIDE_DYN_MAP 20 set transform-set ESP-AES-256-MD5

crypto map OUTSIDE_MAP 65535 ipsec-isakmp dynamic OUTSIDE_DYN_MAP

crypto map OUTSIDE_MAP interface OUTSIDE

crypto isakmp enable OUTSIDE

crypto isakmp policy 10

authentication pre-share

encryption aes-256

hash sha

group 2

lifetime 86400

crypto isakmp policy 20

authentication pre-share

encryption aes-256

hash md5

group 2

lifetime 86400

crypto isakmp nat-traversal 10

Labels:
0 Helpful
2 Replies 2

amritpatek
Level 6
Level 6

‎09-19-2007 10:17 AM

Check if you have matching sets of pre-share keys on both sides. Also check for the configuration of Access lists. Following link may help you

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00804675ac.shtml

0 Helpful

Patrick Laidlaw
Level 4
Level 4

‎10-12-2007 11:33 AM

Hello,

I recently had the same problem spent like three nights trying to figure out the problem I started reasearching the potential cause of the errors using the log entry: http://www.cisco.com/en/US/docs/security/asa/asa72/system/message/logmsgs.html

Pretty much what it came down to was on one side of the VPN connection IE an 871 router there was an acl applied that was blocking udp 500 and esp. Try verifying on the remote end that UDP 500 and esp is not being blocked.

Patrick

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card