vpn client asa 5505

Answered Question
Mar 21st, 2008

I cannot get any Cisco Client to connect to a IPsec tunnel on an ASA 5505. I have used the wizard to configure the remote access vpn, use mostly default configs and then configured the Cisco Client to connect. I keep getting Group = DefaultRAGroup, IP = 10.10.10.250, Removing peer from peer table failed, no match!

any help would be appreciated.

I have this problem too.
0 votes
Correct Answer by JORGE RODRIGUEZ about 8 years 8 months ago

Terry, this could be one reason for that error message.

When you launch your vpn client and setup a new VPN profile, you have to enter the tunnel group name you configured in ASA RA vpn and enter the password which is the Pre-shared key you also configured in ASA.

Did you created a new tunnel group or are you using the default DefaultRAGroup? I would recommend you create new tunnel group to keep it separate from the default tunnel group, but if you are uing DefaultRAGroup this is the first login pop up you get when you connect to ASA from the vpn client.

If your tunnel group name is DefaultRAGroup, and know the Pre-shared key, you enter the group name and the pre-shared key as a password , when you pass tunnel group name authentication,then another authentication window will pop up which then you will use a user name and password you have configured in ASA users accounts in device management Users/AAA. What I believe is happening is you are entering a user name and password as suppost to tunnel group name and password and that is why you are getting that error message.

You can use this link as a reference

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008060f25c.shtml

Let me know if this helps or not, we may then take a different approache to solve the problem.

Rgds

Jorge

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
JORGE RODRIGUEZ Fri, 03/21/2008 - 15:33

Terry, this could be one reason for that error message.

When you launch your vpn client and setup a new VPN profile, you have to enter the tunnel group name you configured in ASA RA vpn and enter the password which is the Pre-shared key you also configured in ASA.

Did you created a new tunnel group or are you using the default DefaultRAGroup? I would recommend you create new tunnel group to keep it separate from the default tunnel group, but if you are uing DefaultRAGroup this is the first login pop up you get when you connect to ASA from the vpn client.

If your tunnel group name is DefaultRAGroup, and know the Pre-shared key, you enter the group name and the pre-shared key as a password , when you pass tunnel group name authentication,then another authentication window will pop up which then you will use a user name and password you have configured in ASA users accounts in device management Users/AAA. What I believe is happening is you are entering a user name and password as suppost to tunnel group name and password and that is why you are getting that error message.

You can use this link as a reference

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008060f25c.shtml

Let me know if this helps or not, we may then take a different approache to solve the problem.

Rgds

Jorge

JORGE RODRIGUEZ Tue, 03/25/2008 - 15:58

Terry, thanks for the update, and Im very glad you have it resolved. Also, thank you for the rating.

Bst Rgds

Jorge

Actions

This Discussion