VPN client Error: 433: (Reason Not Specified by Peer)

Unanswered Question
Mar 11th, 2009

Hello everybody,

I'm having this error when i tried to connect to VPN server. I am totally sure that connection group and the user authentication are ok.

It seems to be a IKE phase 1 problem. The output of debug isakmp level 1 & debug crypto ipsec 1

ERROR: IKE failed trying to create a session manager entry

Removing peer from peer table failed, no match!

Error: Unable to remove PeerTblEntry

In addition i tried changing the isakmp policy, but the problem continues. NAT-T is enable and i tried in differents PC with the same result.

I attach the output of the debugs in level 1 & 10 and the asa config.

VPN client: 5.0.05.0290

ASA5510 V.8.0(3)6

Thanks in advance.

José Luis

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Average Rating: 0 (0 ratings)
Ivan Martinon Thu, 03/12/2009 - 20:29

You have 2 options I can see here, 1 is to go ahead and reboot the ASA and see how it goes, second is to go to 8.0.4 since your version (8.0.3.6) seems to have tons of records of this issue.

Bluediver1 Thu, 01/23/2014 - 06:41

How are your users authenticating? Are you using the LOCAL user database on the Cisco ASA itself? Or are you using a AAA authentication server, such as IAS or LDAP?

In my particular case all my users were getting error 433. I was authenticating against a Microsoft LDAP server. I think the Logon DN path had some characters Cisco couldn't comprehend. I moved the Logon Account to a different OU and it fixed it. Here are the details.

http://supertekboy.com/2014/01/23/cisco-vpn-reason-433-reason-not-specified-by-peer/

Actions

Login or Register to take actions

This Discussion

Posted March 11, 2009 at 6:56 PM
Stats:
Replies:2 Avg. Rating:
Views:5010 Votes:0
Shares:0
Tags: No tags.

Discussions Leaderboard