RA VPN Hanging

Unanswered Question
Sep 13th, 2007

I have an ASA (5510) that is running 8.02. It needs to terminate VPNs on its outside interface. I have developed what I believe is a good config, but it's not working; I get the following error message...


Sep 13 04:37:42 [IKEv1]: Group = USERVPN, IP = x.x.x.103, Removing peer from peer table failed, no match!

Sep 13 04:37:42 [IKEv1]: Group = USERVPN, IP = x.x.x.103, Error: Unable to remove PeerTblEntry


Here is the configuration:


crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set XFORMSET-AES-SHA esp-aes-256 esp-sha-hmac
crypto dynamic-map OUTSIDE_DYN_MAP 20 set transform-set ESP-AES-256-MD5
crypto map OUTSIDE_MAP 65535 ipsec-isakmp dynamic OUTSIDE_DYN_MAP
crypto map OUTSIDE_MAP interface OUTSIDE
crypto isakmp enable OUTSIDE
crypto isakmp policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 20
 authentication pre-share
 encryption aes-256
 hash md5
 group 2
 lifetime 86400
crypto isakmp nat-traversal 10


Patrick Laidlaw Fri, 10/12/2007 - 11:33

Hello,


I recently had the same problem and spent like three nights trying to figure out the problem. I started researching the potential cause of the errors using the log entry: http://www.cisco.com/en/US/docs/security/asa/asa72/system/message/logmsgs.html


Pretty much what it came down to was that on one side of the VPN connection, i.e. an 871 router, there was an ACL applied that was blocking UDP 500 and ESP. Try verifying on the remote end that UDP 500 and ESP are not being blocked.


Patrick
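
The check suggested in the reply above can be scripted. This is an added example, not code from the thread: it applies first-match evaluation to an IOS-style extended ACL and reports which tunnel traffic (IKE on UDP 500, ESP, and UDP 4500, since the posted ASA config enables NAT traversal) would be dropped. The ACL number, the documentation-range addresses and all function names are hypothetical, and the parser handles only entries of the form `access-list N permit|deny proto src dst [eq port]`.

```python
import ipaddress

PORT_NAMES = {"isakmp": 500, "non500-isakmp": 4500}  # IOS keywords for UDP 500 / 4500
# Flows the tunnel needs; UDP 4500 is added because the posted config enables NAT-T.
REQUIRED = [("IKE", "udp", 500), ("ESP", "esp", None), ("NAT-T", "udp", 4500)]

def _take_addr(tok):
    """Pop one address spec ('any', 'host A', 'A wildcard') -> (base, wildcard) ints."""
    first = tok.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return int(ipaddress.IPv4Address(tok.pop(0))), 0
    return int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(tok.pop(0)))

def parse_acl(text):
    """Parse the ACL entries in order; lines in any other form are skipped."""
    aces = []
    for line in text.strip().splitlines():
        tok = line.split()
        if len(tok) < 6 or tok[0] != "access-list":
            continue
        action, proto, rest = tok[2], tok[3], tok[4:]
        src, dst = _take_addr(rest), _take_addr(rest)
        port = (PORT_NAMES.get(rest[1]) or int(rest[1])) if rest[:1] == ["eq"] else None
        aces.append((action, proto, src, dst, port))
    return aces

def _hit(ip, spec):
    # Wildcard bits set to 1 are "don't care", so force them on both sides.
    return (int(ipaddress.IPv4Address(ip)) | spec[1]) == (spec[0] | spec[1])

def verdict(aces, proto, src_ip, dst_ip, dport):
    """First matching entry wins; every ACL ends with an implicit deny."""
    for action, a_proto, src, dst, port in aces:
        if (a_proto in ("ip", proto) and _hit(src_ip, src) and _hit(dst_ip, dst)
                and port in (None, dport)):
            return action
    return "deny"

def blocked_vpn_traffic(acl_text, peer_ip, local_ip):
    """Names of the required flows from peer_ip to local_ip that are not permitted."""
    aces = parse_acl(acl_text)
    return [name for name, proto, dport in REQUIRED
            if verdict(aces, proto, peer_ip, local_ip, dport) != "permit"]

# Constructed sample: IKE is allowed, but ESP and NAT-T fall through to the deny.
ACL_BLOCKING = ("access-list 101 permit udp host 198.51.100.10 host 203.0.113.1 eq isakmp\n"
                "access-list 101 deny ip any any\n")
```

With the sample ACL, `blocked_vpn_traffic(ACL_BLOCKING, "198.51.100.10", "203.0.113.1")` reports ESP and NAT-T as blocked, so IKE packets would reach the device while the ESP data path is still dropped.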
