Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

Remote Access VPN On FWSM Module



Dear concern,


I was configured Remote access vpn  on fwsm module successfully connect through vpn client but i did not access my internal resource. Some different type error face need for your valid help.


              VPN-SESSION_DB in SESS_Mgmt_DeleteEntryInt: Account stop failure

Jun 02 14:50:49 [IKEv1]: Group = testgroup, Username = pfsa, IP =, Removing peer from peer table failed, no match!
Jun 02 14:50:49 [IKEv1]: Group = testgroup, Username = pfsa, IP =, Error: Unable to remove PeerTblEntry

Face this error 


This is my configuration:crypto ipsec transform-set firstset esp-3des esp-md5-hmac
crypto dynamic-map dyn1 1 set transform-set firstset
crypto dynamic-map dyni 1 set reverse-route
crypto map mymap 1 ipsec-isakmp dynamic dyn1
crypto map mymap interface outside
isakmp enable outside
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption 3des
isakmp policy 1 hash sha
isakmp policy 1 group 2
isakmp policy 1 lifetime 43200
tunnel-group testgroup type ipsec-ra
tunnel-group testgroup general-attributes
 address-pool testpool
 default-group-policy RAVPN
tunnel-group testgroup ipsec-attributes
 pre-shared-key *

group-policy RAVPN internal
group-policy RAVPN attributes
 dns-server value XXXXXXX
 vpn-tunnel-protocol IPSec
 pfs disable
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value XXXXXXX
 default-domain value XXXXXXX


nat (servers) 0 access-list nonat

Please wait for your reply:;







Hall of Fame Super Silver

A VPN terminating on a FWSM

A VPN terminating on a FWSM in only for management access to the FWSM itself - it is not a full-featured remote access (or site-site) VPN.


"In the case of the FWSM, the only address available on the FWSM end of the tunnel is the interface itself."

Community Member

Thanks For MR Marvin Rhoads

Thanks For MR Marvin Rhoads quick reply.

but i was little confuse after connecting vpn i will access Server prefix gateway addres but i cannot access any internal server ip i hope you clear my mind confusion actually first time creat vpn on FWSM Module. please request you little describe management access with examples. 


Hall of Fame Super Silver

You're welcome.Management

You're welcome.

Management access = access to the FWSM's interface (IP address) for purposes of configuring or monitoring the behavior of the FWSM itself and traffic going through it (using tools such as  "show" commands,  SNMP queries, traps or syslogs).

You cannot access any internal server IP through a VPN terminating on a FWSM. That is not allowed by design.

Community Member

ok realy thanks for Mr Rhoads

ok realy thanks for Mr Rhoads clear my mind regarding remote access vpn on FWSM.

If face further any problem i get your experience.



Hall of Fame Super Silver

You're welcome.Please rate

You're welcome.

Please rate helpful replies and mark your question as answered if it has been.

CreatePlease to create content