Cisco Support Community
VPN connection problem

I am facing a problem while configuring Remote Access VPN on an ASA 5520. I have gone through the wizard to configure it, but when trying to connect using the VPN client there is no connection.

I ran debug crypto isakmp 129

and debug crypto isakmp ipsec 129

The messages that appear when the client tries to connect are below:

Nov 29 17:28:06 [IKEv1 DEBUG]: Group = training, IP = 10.10.100.201, sending delete/delete with reason message

Nov 29 17:28:06 [IKEv1]: Group = training, IP = 10.10.100.201, Removing peer from peer table failed, no match!

Nov 29 17:28:06 [IKEv1]: Group = training, IP = 10.10.100.201, Error: Unable to remove PeerTblEntry

When I run a syslog server, the warning and error messages are:

11-30-2010 02:30:27 Local4.Warning 172.16.1.1 %ASA-4-713903: Group = training, IP = 10.10.100.201, Error: Unable to remove PeerTblEntry

11-30-2010 02:33:23 Local4.Error 172.16.1.1 %ASA-3-713902: Group = DefaultRAGroup, IP = 10.10.100.201, Removing peer from peer table failed, no match!

My VPN configuration is:

snmp-server enable traps snmp authentication linkup linkdown coldstart

crypto ipsec transform-set myset esp-des esp-md5-hmac

crypto ipsec security-association lifetime seconds 28800

crypto ipsec security-association lifetime kilobytes 4608000

crypto dynamic-map rmt-dyna-map 10 set security-association lifetime seconds 28800

crypto dynamic-map rmt-dyna-map 10 set security-association lifetime kilobytes 4608000

crypto dynamic-map rmt-dyna-map 30 set security-association lifetime seconds 28800

crypto dynamic-map rmt-dyna-map 30 set security-association lifetime kilobytes 4608000

crypto map rmt-dyna-map 10 ipsec-isakmp dynamic rmt-dyna-map

crypto map rmt-dyna-map interface outside

isakmp enable outside

isakmp policy 10 authentication pre-share

isakmp policy 10 encryption des

isakmp policy 10 hash sha

isakmp policy 10 group 2

isakmp policy 10 lifetime 86400

tunnel-group training type ipsec-ra

tunnel-group training general-attributes

address-pool ippool

default-group-policy training

tunnel-group training ipsec-attributes

pre-shared-key *

isakmp keepalive threshold 30 retry 10

tunnel-group test type ipsec-ra

tunnel-group test general-attributes

default-group-policy test

tunnel-group test ipsec-attributes

pre-shared-key *

tunnel-group mygroup type ipsec-ra

tunnel-group mygroup general-attributes

default-group-policy mygroup

telnet timeout 5

ssh timeout 5

console timeout 0

dhcpd address 192.168.1.2-192.168.1.254 management

dhcpd address 172.16.1.10-172.16.1.20 inside

dhcpd dns 217.66.226.8 4.2.2.2

dhcpd lease 3600

dhcpd ping_timeout 50

dhcpd enable management

dhcpd enable inside

!

Any help, if you please.

1 REPLY
Cisco Employee

Re: VPN connection problem

Can you also share the output of "sh run group-policy"?
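A static check over the IPsec lines of the configuration posted above, as an added example that is not part of the original thread or any Cisco tool: it flags dynamic-map entries with no `set transform-set`, remote-access tunnel groups with no pre-shared key, and DES, MD5 and DH group 1/2 settings. The function name `audit`, the check labels and the weak-algorithm sets are assumptions of this example, and it can only judge the lines that were posted.

```python
import re

# IPsec-related lines copied from the post (sub-mode indentation is absent there).
POSTED_CONFIG = """\
crypto ipsec transform-set myset esp-des esp-md5-hmac
crypto dynamic-map rmt-dyna-map 10 set security-association lifetime seconds 28800
crypto dynamic-map rmt-dyna-map 30 set security-association lifetime seconds 28800
isakmp policy 10 encryption des
isakmp policy 10 hash sha
isakmp policy 10 group 2
tunnel-group training type ipsec-ra
tunnel-group training ipsec-attributes
pre-shared-key *
tunnel-group mygroup type ipsec-ra
tunnel-group mygroup general-attributes
default-group-policy mygroup
"""

WEAK_ESP = {"esp-des", "esp-md5-hmac"}  # single DES, HMAC-MD5 (assumed policy)
WEAK_IKE = {("encryption", "des"), ("hash", "md5"), ("group", "1"), ("group", "2")}

def audit(config):
    """Return sorted (check, subject) findings for an ASA IKEv1 remote-access config."""
    findings, dyn, dyn_ts, ra, psk, group = set(), set(), set(), set(), set(), None
    for line in (l.strip() for l in config.splitlines()):
        words = line.split()
        if m := re.match(r"crypto dynamic-map (\S+) (\d+) set (\S+)", line):
            dyn.add(m.group(1, 2))              # every (map name, sequence) seen
            if m.group(3) == "transform-set":
                dyn_ts.add(m.group(1, 2))       # entries that name a transform set
        elif line.startswith("crypto ipsec transform-set "):
            findings |= {("weak-esp", f"{words[3]} {w}") for w in words[4:] if w in WEAK_ESP}
        elif m := re.match(r"(?:crypto )?isakmp policy (\d+) (\S+) (\S+)", line):
            if m.group(2, 3) in WEAK_IKE:
                findings.add(("weak-ike", f"policy {m.group(1)} {m.group(2)} {m.group(3)}"))
        elif m := re.match(r"tunnel-group (\S+) (\S+)", line):
            # Track which group's ipsec-attributes block the following lines belong to.
            group = m.group(1) if m.group(2) == "ipsec-attributes" else None
            if words[2:] == ["type", "ipsec-ra"]:
                ra.add(m.group(1))
        elif words[:1] == ["pre-shared-key"] and group:
            psk.add(group)
    findings |= {("no-transform-set", f"{n} {s}") for n, s in dyn - dyn_ts}
    findings |= {("no-pre-shared-key", g) for g in ra - psk}
    return sorted(findings)

if __name__ == "__main__":
    for check, subject in audit(POSTED_CONFIG):
        print(f"{check:18} {subject}")
```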
