Reason 433

gpangallo
Level 1

Hi guys,

I have a problem with a VPN connection on the FW. The VPN client receives a message that says: "Secure VPN Connection terminated by peer Reason 433: (reason not specified by peer)".

Could anyone help me?

Thank you very much.

Best Regards,

Giuseppe

1 Accepted Solution

Jatin Katyal
Cisco Employee

Hi,

Most of the time we see this error message when the client is unable to get an IP address from the firewall/DHCP/external AAA server.

Please check if you have address-pool defined under the tunnel-group or group-policy.

In order to define address-pool, please visit the below listed doc:

http://www.cisco.com/en/US/docs/security/asa/asa70/configuration/guide/vpnadd.html

If the above suggestion doesn't work for you, please provide us with the current configuration and the following debugs:

debug crypto isa 127

debug crypto ipsec 127

debug aaa authentication

debug aaa common 127

HTH

JK

Plz rate the helpful posts-

~Jatin

Hi JK,

Thank you for your answer. I have another doubt: looking at the FW configuration, I noticed that the vpn-addr-assign command isn't configured, but the VPN group is defined in "tunnel-group mygroup general-attributes", and there is also authentication toward the RADIUS server with the command "authentication-server-group myradius".

Could it be this misconfiguration?

It could be corruption of the user credentials on the RADIUS server, couldn't it?

Let me know, please.

Best regards,

Giuseppe

Gareth Gudger
Level 1

In my particular case, all my users were getting error 433. It turned out to be the AAA authentication server settings on the firewall. I was authenticating against a Microsoft LDAP server. I think the Logon DN path had some characters Cisco couldn't comprehend. Here is how I fixed it.

http://supertekboy.com/2014/01/23/cisco-vpn-reason-433-reason-not-specified-by-peer/
