09-13-2007 09:09 AM - edited 03-11-2019 04:10 AM
I have an ASA (5510) that is running 8.02; it needs to terminate VPNs on its outside interface. I have developed what I believe is a good config, but it's not working. I get the following error message...
Sep 13 04:37:42 [IKEv1]: Group = USERVPN, IP = x.x.x.103, Removing peer from peer table failed, no match!
Sep 13 04:37:42 [IKEv1]: Group = USERVPN, IP = x.x.x.103, Error: Unable to remove PeerTblEntry
Here is the configuration:
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set XFORMSET-AES-SHA esp-aes-256 esp-sha-hmac
crypto dynamic-map OUTSIDE_DYN_MAP 20 set transform-set ESP-AES-256-MD5
crypto map OUTSIDE_MAP 65535 ipsec-isakmp dynamic OUTSIDE_DYN_MAP
crypto map OUTSIDE_MAP interface OUTSIDE
crypto isakmp enable OUTSIDE
crypto isakmp policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 20
 authentication pre-share
 encryption aes-256
 hash md5
 group 2
 lifetime 86400
crypto isakmp nat-traversal 10
09-19-2007 10:17 AM
Check if you have matching sets of pre-share keys on both sides. Also check for the configuration of Access lists. Following link may help you
10-12-2007 11:33 AM
Hello,
I recently had the same problem and spent like three nights trying to figure it out. I started researching the potential cause of the errors using the log entry: http://www.cisco.com/en/US/docs/security/asa/asa72/system/message/logmsgs.html
Pretty much what it came down to was that on one side of the VPN connection, i.e. an 871 router, there was an ACL applied that was blocking UDP 500 and ESP. Try verifying on the remote end that UDP 500 and ESP are not being blocked.
Patrick
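One way to run the check suggested in the reply above against an exported router ACL, as an added example that is not part of the original thread: it applies first-match logic to numbered extended ACL entries and reports whether IKE (UDP 500), NAT-T (UDP 4500) and ESP would be permitted. The sample ACL and its addresses are constructed, the function names are hypothetical, and source and destination addresses are deliberately not evaluated.

```python
import re

PORT_NAMES = {"isakmp": 500, "non500-isakmp": 4500}  # IOS port keywords
# IKE and ESP come from the reply above; UDP 4500 is added because the posted
# ASA config enables "crypto isakmp nat-traversal".
REQUIRED = {"ike": ("udp", 500), "nat-t": ("udp", 4500), "esp": ("esp", None)}

# Constructed sample ACL (documentation addresses), not taken from the thread.
SAMPLE_ACL = """\
access-list 101 permit tcp any host 192.0.2.1 eq 22
access-list 101 deny udp any host 192.0.2.1 eq isakmp
access-list 101 permit udp any host 192.0.2.1 eq non500-isakmp
access-list 101 permit icmp any any
"""

def _skip_addr(tok, i):
    """Step over 'any', 'host A' or 'A WILDCARD'; addresses are not evaluated."""
    return i + 1 if i < len(tok) and tok[i] == "any" else i + 2

def _port(tok, i):
    """Parse an optional 'eq PORT' at tok[i]; return (port or None, next index)."""
    if i + 1 < len(tok) and tok[i] == "eq":
        p = tok[i + 1]
        # Unknown port keywords map to -1 so they never match a required flow.
        return PORT_NAMES.get(p, int(p) if p.isdigit() else -1), i + 2
    return None, i

def parse_acl(text):
    """Return [(action, proto, dst_port)] for numbered extended ACL entries."""
    entries = []
    for line in text.splitlines():
        m = re.match(r"\s*access-list\s+\d+\s+(permit|deny)\s+(\S+)\s+(.*)", line)
        if not m:
            continue
        tok = m.group(3).split()
        _, i = _port(tok, _skip_addr(tok, 0))   # source address, source port
        dport, _ = _port(tok, _skip_addr(tok, i))
        entries.append((m.group(1), m.group(2), dport))
    return entries

def check_ipsec(text):
    """First matching entry decides each flow; no match is the implicit deny."""
    result = {}
    for name, (proto, port) in REQUIRED.items():
        result[name] = "deny (implicit)"
        for action, e_proto, e_port in parse_acl(text):
            if e_proto in (proto, "ip") and e_port in (None, port):
                result[name] = action
                break
    return result
```

Calling `check_ipsec(SAMPLE_ACL)` shows IKE explicitly denied and ESP dropped by the implicit deny at the end of the list, which is the situation the reply describes on the remote router.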