Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ASA 5510, Reason433 (Reason not specified by peer)

Hi all, we have Cisco ASA 5510 with system image asa521-k8.bin.

When we connect to ASA with cisco VPN client, we face with that Reason, Reason 433.

We permitted necessary udp and tcp ports but noyhing change.

I thougt problem is NAT since We are behind firewall and go outside NAT,but i tried without NAT, againg no change.

Are there anybody help me abt issue?

Thx

  • Remote Access
7 REPLIES

Re: ASA 5510, Reason433 (Reason not specified by peer)

Turn on full logging on the client and post the results. Make sure you santize it first.

New Member

Re: ASA 5510, Reason433 (Reason not specified by peer)

%ASA-3-713132: Group = group_name, Username = username, IP = 213.xxx.xxx.xxx, Cannot obtain an IP address for remote peer

%ASA-3-713902: Group = group_name, Username = username, IP = 213.xxx.xxx.xxx, Removing peer from peer table failed, no match!

%ASA-4-713903: Group = group-name, Username = username, IP = 213.xxx.xxx.xxx, Error: Unable to remove PeerTblEntry

Oct 02 06:15:57 [IKEv1]: Group = group_name, Username = username, IP = 213.xxx.xxx.xxx, Removing peer from peer table failed, no match!

Oct 02 06:15:57 [IKEv1]: Group = group_name, Username = username, IP = 213.xxx.xxx.xxx, Error: Unable to remove PeerTblEntry

Re: ASA 5510, Reason433 (Reason not specified by peer)

Bingo, first line. You need to create a pool if IP's on the ASA (or have DHCP provide them).

New Member

Re: ASA 5510, Reason433 (Reason not specified by peer)

ip local pool WORD 192.168.70.0-192.168.70.255 mask 255.255.255.255

is it enough? previously i created a pool already.

Re: ASA 5510, Reason433 (Reason not specified by peer)

It should read something like-

ip local pool WORD 192.168.70.1-192.168.70.254

Then you must assign the pool to a VPN group.

tunnel-group general-attributes

address-pool WORD

New Member

Re: ASA 5510, Reason433 (Reason not specified by peer)

HI

Did you this resolved and what was the solution

thanks

New Member

Re: ASA 5510, Reason433 (Reason not specified by peer)

Hi Donead,

Are you configurating the VPN via ASDM VPN Wizard?

If so, make sure to specify the protected subnet for the head end (even thought the wizard said its ok to leave it blank to expose all network behind 5510).

Cheers

Tony

657
Views
5
Helpful
7
Replies
This widget could not be displayed.