VPN client and ASA

Unanswered Question
May 26th, 2008

Hi,

I had a Cisco vpn clients terminated to an 2 ASA failover.

everything was working fine until a power failure happened and all devices went down, after powering up them again every thing worked fine except the VPN client connectivity it alaways gives this error msg :Reason 412: The remote peer is no longer responding

those ASA are behind an 2820 internet router, the NAT configuration is ok, the internet connectivity is ok, can you please guide me on how troubleshooting this issue.

Thanks

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
andrew.prince@m... Tue, 05/27/2008 - 04:11

it sounds like some configuration was not saved before the reload - perhaps you could post the config?

ccier-sh77 Wed, 05/28/2008 - 09:25

and here is the result of the debug crypto isakmp command

May 28 08:36:00 [IKEv1]: Group = DAE_VPN#, IP = x.x.x.x, Removing peer from peer table failed, no match!

May 28 08:36:00 [IKEv1]: Group = DAE_VPN#, IP = x.x.x.x, Error: Unable to remove PeerTblEntry

May 28 08:36:05 [IKEv1]: Group = DAE_VPN#, IP = x.x.x.x, Removing peer from peer table failed, no match!

May 28 08:36:05 [IKEv1]: Group = DAE_VPN#, IP = x.x.x.x, Error: Unable to remove PeerTblEntry

May 28 08:36:10 [IKEv1]: Group = DAE_VPN#, IP = x.x.x.x, Removing peer from peer table failed, no match!

May 28 08:36:10 [IKEv1]: Group = DAE_VPN#, IP = x.x.x.x, Error: Unable to remove PeerTblEntry

May 28 08:36:15 [IKEv1]: Group = DAE_VPN#, IP = x.x.x.x, Removing peer from peer table failed, no match!

May 28 08:36:15 [IKEv1]: Group = DAE_VPN#, IP = x.x.x.x, Error: Unable to remove PeerTblEntry

May 28 08:36:28 [IKEv1]: Group = DAE_VPN#, IP = x.x.x.x, Removing peer from peer table failed, no match!

Attachment: 
ccier-sh77 Wed, 05/28/2008 - 21:34

the thing this same configuration was working before we had this power blackout!

andrew.prince@m... Thu, 05/29/2008 - 00:51

You are correct - sorry I was looking at something else. You are only using VPN Clients - which perform negotiation in agressive mode, so no need for an IKE policy.

What does the VPN client log indicate when you try and connect?? Are you using the right group id/pwd & user uid/pwd settings when connecting?

ccier-sh77 Wed, 06/04/2008 - 00:12

it worked now, i removed the crypto configurations and keys, and re-write them,it seems that the keys were corrupted!

thanks for the asistance...

Actions

This Discussion