03-21-2008 12:40 PM - edited 02-21-2020 01:56 AM
I cannot get any Cisco Client to connect to a IPsec tunnel on an ASA 5505. I have used the wizard to configure the remote access vpn, use mostly default configs and then configured the Cisco Client to connect. I keep getting Group = DefaultRAGroup, IP = 10.10.10.250, Removing peer from peer table failed, no match!
any help would be appreciated.
Solved! Go to Solution.
03-21-2008 03:33 PM
Terry, this could be one reason for that error message.
When you launch your vpn client and setup a new VPN profile, you have to enter the tunnel group name you configured in ASA RA vpn and enter the password which is the Pre-shared key you also configured in ASA.
Did you created a new tunnel group or are you using the default DefaultRAGroup? I would recommend you create new tunnel group to keep it separate from the default tunnel group, but if you are uing DefaultRAGroup this is the first login pop up you get when you connect to ASA from the vpn client.
If your tunnel group name is DefaultRAGroup, and know the Pre-shared key, you enter the group name and the pre-shared key as a password , when you pass tunnel group name authentication,then another authentication window will pop up which then you will use a user name and password you have configured in ASA users accounts in device management Users/AAA. What I believe is happening is you are entering a user name and password as suppost to tunnel group name and password and that is why you are getting that error message.
You can use this link as a reference
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008060f25c.shtml
Let me know if this helps or not, we may then take a different approache to solve the problem.
Rgds
Jorge
03-21-2008 03:33 PM
Terry, this could be one reason for that error message.
When you launch your vpn client and setup a new VPN profile, you have to enter the tunnel group name you configured in ASA RA vpn and enter the password which is the Pre-shared key you also configured in ASA.
Did you created a new tunnel group or are you using the default DefaultRAGroup? I would recommend you create new tunnel group to keep it separate from the default tunnel group, but if you are uing DefaultRAGroup this is the first login pop up you get when you connect to ASA from the vpn client.
If your tunnel group name is DefaultRAGroup, and know the Pre-shared key, you enter the group name and the pre-shared key as a password , when you pass tunnel group name authentication,then another authentication window will pop up which then you will use a user name and password you have configured in ASA users accounts in device management Users/AAA. What I believe is happening is you are entering a user name and password as suppost to tunnel group name and password and that is why you are getting that error message.
You can use this link as a reference
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008060f25c.shtml
Let me know if this helps or not, we may then take a different approache to solve the problem.
Rgds
Jorge
03-25-2008 01:51 PM
Thanks Jorge, this was the fix!!
03-25-2008 03:58 PM
Terry, thanks for the update, and Im very glad you have it resolved. Also, thank you for the rating.
Bst Rgds
Jorge
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide