cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1111
Views
5
Helpful
7
Replies

ASA 5510, Reason433 (Reason not specified by peer)

donead
Level 1
Level 1

Hi all, we have Cisco ASA 5510 with system image asa521-k8.bin.

When we connect to ASA with cisco VPN client, we face with that Reason, Reason 433.

We permitted necessary udp and tcp ports but noyhing change.

I thougt problem is NAT since We are behind firewall and go outside NAT,but i tried without NAT, againg no change.

Are there anybody help me abt issue?

Thx

7 Replies 7

Collin Clark
VIP Alumni
VIP Alumni

Turn on full logging on the client and post the results. Make sure you santize it first.

%ASA-3-713132: Group = group_name, Username = username, IP = 213.xxx.xxx.xxx, Cannot obtain an IP address for remote peer

%ASA-3-713902: Group = group_name, Username = username, IP = 213.xxx.xxx.xxx, Removing peer from peer table failed, no match!

%ASA-4-713903: Group = group-name, Username = username, IP = 213.xxx.xxx.xxx, Error: Unable to remove PeerTblEntry

Oct 02 06:15:57 [IKEv1]: Group = group_name, Username = username, IP = 213.xxx.xxx.xxx, Removing peer from peer table failed, no match!

Oct 02 06:15:57 [IKEv1]: Group = group_name, Username = username, IP = 213.xxx.xxx.xxx, Error: Unable to remove PeerTblEntry

Bingo, first line. You need to create a pool if IP's on the ASA (or have DHCP provide them).

ip local pool WORD 192.168.70.0-192.168.70.255 mask 255.255.255.255

is it enough? previously i created a pool already.

It should read something like-

ip local pool WORD 192.168.70.1-192.168.70.254

Then you must assign the pool to a VPN group.

tunnel-group general-attributes

address-pool WORD

HI

Did you this resolved and what was the solution

thanks

tonytao
Level 1
Level 1

Hi Donead,

Are you configurating the VPN via ASDM VPN Wizard?

If so, make sure to specify the protected subnet for the head end (even thought the wizard said its ok to leave it blank to expose all network behind 5510).

Cheers

Tony

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: