08-15-2007 05:37 AM - edited 02-21-2020 03:13 PM
A couple months ago we had this exact same problem, and this week it cropped up again.
Users report that they will be able to connect to the VPN successfully, but later in the day they will try to connect and receive the message:
Secure VPN connection terminated by peer
Reason 433: (Reason not specified by Peer)
I assume this is sporadic because it might only be happening when multiple users are connecting to the VPN at the same time.
I have seen other forums discuss using a command to resolve the issue:
isakmp nat-t
for NAT traversal; however, this command is not recognized when I try to enter it into the config.
Please, any help would be greatly appreciated.
I think it may also be important to mention that the issue seems to go away after power cycling the router, at least for a few weeks. I'm not sure if this is a coincidence.
Thank you in advance.
08-20-2007 07:30 AM
We have pretty much the same issue.
But as you said, the issue is so sporadic that we can't really troubleshoot it.
Gary
08-20-2007 07:35 AM
The odd thing is, after I reset the router it goes away for a while. I'm wondering if it has to do with the "Cache Size" setting on the IP pool setup section of the VPN configuration. I'm not sure what the Cache Size means, but it is set to 20 and the number of IP addresses is only 10. Perhaps it is caching more than 10 users on the 10 IPs, or something. Cache Size is not described in any documentation, so I'm afraid to change it!
08-20-2007 07:37 AM
I think that is the answer!
Pool Name Column
The name of the IP address pool
IP Address Range Column
The IP address range for the selected pool. A range of 2.2.2.0 to 2.2.2.254 provides 255 addresses.
Cache Size Column
The size of the cache for this pool.
Try checking that value. If it is greater than the number of IP addresses in your pool, you will encounter issues.
08-20-2007 07:48 AM
Are you talking about this line:
ip local pool SDM_POOL_1 10.31.40.1 10.31.40.250
in the config?
Otherwise I don't see what you are referring to.
Gary
08-20-2007 07:54 AM
It is somewhere in that area of the config. If you get to the properties of one of those items, there will be boxes to change values, etc.
One of them is "Cache Size"
08-20-2007 07:56 AM
Are you configuring the VPN via a GUI or CLI?
08-20-2007 07:59 AM
I accessed this particular option through the GUI (SDM). Not sure where to find it in the CLI config.
08-20-2007 08:11 AM
I brought up the SDM. Which page were you referring to?
08-20-2007 10:33 AM
CONFIGURE TAB --> Additional Tasks (on left) --> Local Pools --> SDM_POOL_## --> Cache Size
I just changed mine to 10 since that's the pool size I have. I hope this fixes it.
Also, under:
CONFIGURE TAB --> VPN (on left) --> VPN --> VPN Components --> Easy VPN Server --> Group Policies --> Group Name (double click on it)
You can change the number of maximum connections at a time. Mine was set to 5. Maybe that was too few also.
*shrug*
08-20-2007 10:58 AM
Okay, thanks.
I've finally caught up to ya.
My "Max.Connections Allowed" doesn't have a # in it.
Good/Bad?
The Local Cache field had 20 in it as well.
08-19-2008 09:22 AM
How would one do this via command line? I don't have SDM on my router...
08-19-2008 10:23 AM
I found it - you simply add a cache-size x to the end of your local pool. So for me it was:
ip local pool EZVPN_POOL_1 192.168.12.10 192.168.12.20 cache-size 10
Cheers,
Josh
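Added example, not part of the thread and not Cisco's code: a small Python audit that reads `ip local pool` lines from a saved running-config and reports each pool's address count next to its `cache-size`, which is the comparison the posters above make by hand. The sample config is constructed; the first two pool lines are the ones quoted in the thread, `TEN_ADDR_POOL` is a hypothetical pool mirroring the "cache 20, 10 addresses" case, and the function name `audit_pools` is an assumption.

```python
import ipaddress
import re

# Constructed sample input. Lines 1-2 are quoted in the thread; line 3 is a
# hypothetical pool with 10 addresses and a cache size of 20.
SAMPLE_CONFIG = """\
ip local pool SDM_POOL_1 10.31.40.1 10.31.40.250
ip local pool EZVPN_POOL_1 192.168.12.10 192.168.12.20 cache-size 10
ip local pool TEN_ADDR_POOL 192.0.2.1 192.0.2.10 cache-size 20
"""

# ip local pool <name> <low> [<high>] [group <name>] [cache-size <n>]
POOL_RE = re.compile(
    r"^\s*ip local pool (?P<name>\S+) (?P<low>\d+\.\d+\.\d+\.\d+)"
    r"(?: (?P<high>\d+\.\d+\.\d+\.\d+))?"
    r"(?: group (?P<group>\S+))?"
    r"(?: cache-size (?P<cache>\d+))?\s*$"
)


def audit_pools(config_text):
    """Return one dict per pool: address count, cache-size, and a flag
    set when an explicit cache-size is larger than the pool itself."""
    results = []
    for line in config_text.splitlines():
        m = POOL_RE.match(line)
        if not m:
            continue
        low = ipaddress.IPv4Address(m["low"])
        # A pool may be a single address, in which case high is omitted.
        high = ipaddress.IPv4Address(m["high"] or m["low"])
        if high < low:
            raise ValueError(f"pool {m['name']}: range is reversed")
        addresses = int(high) - int(low) + 1  # range is inclusive
        cache = int(m["cache"]) if m["cache"] else None
        results.append({
            "name": m["name"],
            "addresses": addresses,
            "cache_size": cache,  # None: not set explicitly on this line
            "cache_exceeds_pool": cache is not None and cache > addresses,
        })
    return results


if __name__ == "__main__":
    for pool in audit_pools(SAMPLE_CONFIG):
        print(pool)
```

A pool whose line carries no `cache-size` keyword is reported with `cache_size` of `None`, so check the device's effective value separately for those.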