VPN client Error: 433: (Reason Not Specified by Peer)


Hello everybody,

I get this error when I try to connect to the VPN server. I am totally sure that the connection group and the user authentication are OK.

It seems to be an IKE phase 1 problem. The output of debug isakmp level 1 & debug crypto ipsec 1:

ERROR: IKE failed trying to create a session manager entry

Removing peer from peer table failed, no match!

Error: Unable to remove PeerTblEntry

In addition, I tried changing the ISAKMP policy, but the problem continues. NAT-T is enabled, and I tried on different PCs with the same result.

I attach the output of the debugs at levels 1 & 10 and the ASA config.

VPN client:

ASA5510 V.8.0(3)6

Thanks in advance.

José Luis

Ivan Martinon Thu, 03/12/2009 - 20:29
User Badges: Cisco Employee

You have 2 options I can see here, 1 is to go ahead and reboot the ASA and see how it goes, second is to go to 8.0.4 since your version ( seems to have tons of records of this issue.

Gareth Gudger Thu, 01/23/2014 - 06:41

How are your users authenticating? Are you using the LOCAL user database on the Cisco ASA itself? Or are you using a AAA authentication server, such as IAS or LDAP?

In my particular case all my users were getting error 433. I was authenticating against a Microsoft LDAP server. I think the Logon DN path had some characters Cisco couldn't comprehend. I moved the Logon Account to a different OU and it fixed it. Here are the details.


