Error 413 Cannot Authenticate

mattscaffa · ‎04-17-2009

I have about 10 VPN clients connecting to a Cisco ASA 5510. I am getting calls that sometimes people are getting 413 errors here and there. When they out it username and password, the dialog box pops up again and then they get a error 413 cannot authenticate. Any ideas, they are IPsec tunnels which I hae 250 available.

AxiomConsulting · ‎04-20-2009

What are they authenticating too? local / AD / RADIUS?

mattscaffa · ‎04-20-2009

local

Daniela Herrera · ‎04-20-2009

The easiest way to troubleshoot this would be to retrieve the debug information when the users fail to connect:

debug cry isa 200

debug cry ipsec 200

Though you gotta be careful when you enable the debug, if you have many IPSEC tunnels running, the ASA may resent showing all the debug information.

On release 8.0 there's a "debug crypto condition" command for you to choose only the debugs from the peer (you'll need to know the client's public address)

I would also suggest to try to get more information on the error: is it happening for ALL the users? it's happening always from the same location: home, office, etc?

Sometimes this "random" connection issues are related to delay/problems with the client's internet connection.

Regards,