Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
700
Views
0
Helpful
6
Replies

VPN client and ASA

ccier-sh77
Level 1
Level 1

‎05-26-2008 11:24 PM

Hi,

I had a Cisco vpn clients terminated to an 2 ASA failover.

everything was working fine until a power failure happened and all devices went down, after powering up them again every thing worked fine except the VPN client connectivity it alaways gives this error msg :Reason 412: The remote peer is no longer responding

those ASA are behind an 2820 internet router, the NAT configuration is ok, the internet connectivity is ok, can you please guide me on how troubleshooting this issue.

Thanks

Labels:
0 Helpful
6 Replies 6

andrew.prince
Level 10
Level 10

‎05-27-2008 04:11 AM

it sounds like some configuration was not saved before the reload - perhaps you could post the config?

0 Helpful

ccier-sh77
Level 1
Level 1
In response to andrew.prince

‎05-28-2008 09:25 AM

and here is the result of the debug crypto isakmp command

May 28 08:36:00 [IKEv1]: Group = DAE_VPN#, IP = x.x.x.x, Removing peer from peer table failed, no match!

May 28 08:36:00 [IKEv1]: Group = DAE_VPN#, IP = x.x.x.x, Error: Unable to remove PeerTblEntry

May 28 08:36:05 [IKEv1]: Group = DAE_VPN#, IP = x.x.x.x, Removing peer from peer table failed, no match!

May 28 08:36:05 [IKEv1]: Group = DAE_VPN#, IP = x.x.x.x, Error: Unable to remove PeerTblEntry

May 28 08:36:10 [IKEv1]: Group = DAE_VPN#, IP = x.x.x.x, Removing peer from peer table failed, no match!

May 28 08:36:10 [IKEv1]: Group = DAE_VPN#, IP = x.x.x.x, Error: Unable to remove PeerTblEntry

May 28 08:36:15 [IKEv1]: Group = DAE_VPN#, IP = x.x.x.x, Removing peer from peer table failed, no match!

May 28 08:36:15 [IKEv1]: Group = DAE_VPN#, IP = x.x.x.x, Error: Unable to remove PeerTblEntry

May 28 08:36:28 [IKEv1]: Group = DAE_VPN#, IP = x.x.x.x, Removing peer from peer table failed, no match!

Preview file
1067 KB
0 Helpful

andrew.prince
Level 10
Level 10
In response to ccier-sh77

‎05-28-2008 10:44 AM

You are missing your IKE phase 1 config?

0 Helpful

ccier-sh77
Level 1
Level 1
In response to andrew.prince

‎05-28-2008 09:34 PM

the thing this same configuration was working before we had this power blackout!

0 Helpful

andrew.prince
Level 10
Level 10
In response to ccier-sh77

‎05-29-2008 12:51 AM

You are correct - sorry I was looking at something else. You are only using VPN Clients - which perform negotiation in agressive mode, so no need for an IKE policy.

What does the VPN client log indicate when you try and connect?? Are you using the right group id/pwd & user uid/pwd settings when connecting?

0 Helpful

ccier-sh77
Level 1
Level 1
In response to andrew.prince

‎06-04-2008 12:12 AM

it worked now, i removed the crypto configurations and keys, and re-write them,it seems that the keys were corrupted!

thanks for the asistance...

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents