VPN Clients unable to connect or pass traffic when connected to the VPN Concentrator, and the "Secure VPN Connection terminated by Peer. Reason 433:(Reason Not Specified by Peer)" error message appears if the connection fails
The VPN Client fails to pass traffic if the client comes from a Network Address Translation (NAT) or Port Address Translation (PAT) device.
At times the first VPN client connects successfully and is able to pass traffic, but then the rest of the clients fail to connect with this displayed message:
Secure VPN Connection terminated by Peer. Reason 433:(Reason Not Specified by Peer)
In order to resolve this issue, enable NAT Traversal (NAT-T) or IPsec over User Datagram Protocol (UDP) on the VPN Concentrator.
NAT-T allows IPsec peers to establish a connection through a NAT or PAT device. To do this, it encapsulates IPsec traffic in UDP datagrams on port 4500, which provides NAT devices with port information. NAT-T auto-detects any NAT devices and only encapsulates IPsec traffic when necessary.
NAT-T is mentioned in Internet Engineering Task Force (IETF) RFC 3193, whereas UDP 10000 is a Cisco-developed method that provides a workaround for the PAT problem. The Cisco VPN 3000 Concentrator supports both NAT-T and UDP 10000.
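When troubleshooting, it helps to confirm from a packet capture that a client's traffic really is being encapsulated on UDP 4500. The following is an added example, not Cisco code: it labels UDP datagrams using the NAT-T framing defined in RFC 3948 (non-ESP marker, one-byte keepalive). The function names and the sample datagrams are constructed for illustration.

```python
from collections import Counter

IKE_PORT = 500      # plain IKE, before any NAT is detected
NATT_PORT = 4500    # NAT-T port named in the text above
NON_ESP_MARKER = b"\x00" * 4   # RFC 3948: prefixes IKE messages on port 4500


def classify(src_port, dst_port, payload):
    """Label one UDP datagram by the role it plays in a NAT-T session."""
    ports = (src_port, dst_port)
    if NATT_PORT in ports:
        if payload == b"\xff":
            return "nat-keepalive"   # one-byte keepalive that holds the NAT mapping open
        if len(payload) < 8:
            return "malformed"       # too short for marker + IKE or SPI + sequence number
        if payload[:4] == NON_ESP_MARKER:
            return "ike-natt"        # IKE floated from port 500 to 4500
        return "esp-in-udp"          # non-zero first word is an ESP SPI
    if IKE_PORT in ports:
        return "ike"
    return "other"


def summarize(datagrams):
    """Return (counts, verdict) for an iterable of (src_port, dst_port, payload)."""
    counts = Counter(classify(*d) for d in datagrams)
    if counts["esp-in-udp"]:
        verdict = "NAT-T in use: ESP is UDP-encapsulated"
    elif counts["ike-natt"]:
        verdict = "IKE moved to 4500 but no encapsulated ESP seen"
    elif counts["ike"]:
        verdict = "IKE on 500 only: NAT-T not negotiated"
    else:
        verdict = "no IKE or NAT-T traffic"
    return counts, verdict


# Constructed sample: a client behind PAT (source ports rewritten by the NAT device).
SAMPLE = [
    (31022, 500, bytes(28)),                                       # initial IKE (payload zeroed)
    (31023, 4500, NON_ESP_MARKER + bytes(28)),                     # IKE after NAT detection
    (31023, 4500, bytes.fromhex("1a2b3c4d00000001") + bytes(32)),  # ESP: SPI + seq + data
    (31023, 4500, b"\xff"),                                        # keepalive
]

if __name__ == "__main__":
    counts, verdict = summarize(SAMPLE)
    print(dict(counts), verdict)
```

A capture that shows only the "IKE on 500 only" verdict for a client known to sit behind PAT matches the failure described above, where NAT-T is not enabled on the concentrator.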
IPsec over UDP, sometimes called IPsec through NAT, allows you to use the Cisco VPN Client or VPN 3002 Hardware Client to connect to the VPN Concentrator via UDP through a firewall or router that runs NAT. This feature is Cisco proprietary, applies only to remote-access connections, and requires Mode Configuration.
You can configure more than one group with this feature enabled, and each group can use a different port number. Port numbers must be in the 4001 through 49151 range, which is a subset of the IANA Registered Ports range.
The Cisco VPN Client must also be configured to use this feature; it is configured to use it by default. The VPN Client Connection Status dialog box indicates if the feature is being used.
In order to configure IPsec over UDP, choose Configuration > User Management > Groups > Modify > Client config.