Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

Pb Connection VPN client with Pix 515E v7.0! please help me


I have the cisco vpn client v4.6.02(in USA) and a pix 515Ev7(France).

I create a VPN remote access(with vpn wizard, ASDM v5.0 ) and it's no Ok. When i connect with the client i have on the pix Log this message :

-Removing peer from peer table fail, no match

- Error : unable to remove PeerTblEntry

Please help me

I give you my conf, What is my error :

ftp mode passive

access-list Outside_access_in extended permit tcp any host 81.192.X.W eq smtp

access-list Outside_access_in extended deny ip any any

access-list inside_nat0_outbound extended permit ip any

access-list Outside_cryptomap_dyn_20 extended permit ip any

ip local pool vpnpool mask


global (Outside) 1 interface

global (DMZ) 1 netmask

nat (inside) 0 access-list inside_nat0_outbound

nat (inside) 1

nat (inside) 1

nat (DMZ) 1

static (inside,DMZ) netmask

static (DMZ,Outside) 81.192.X.W ISVW netmask

static (inside,DMZ) SRV-MAIL SRV-MAIL netmask

static (inside,Outside) 81.192.X.Y netmask

access-group inside_access_in in interface inside

access-group Outside_access_in in interface Outside

access-group DMZ_access_in in interface DMZ

route inside 1

route inside 1

route Outside Router 1

group-policy QQQQQQ internal

username admin password xxx encrypted privilege 15

username user password xxx encrypted privilege 0

username user attributes

vpn-group-policy QQQQQQ

snmp-server enable traps snmp authentication linkup linkdown coldstart

crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac

crypto dynamic-map Outside_dyn_map 20 match address Outside_cryptomap_dyn_20

crypto dynamic-map Outside_dyn_map 20 set transform-set ESP-DES-SHA

crypto map Outside_map 65535 ipsec-isakmp dynamic Outside_dyn_map

crypto map Outside_map interface Outside

isakmp enable Outside

isakmp policy 10 authentication pre-share

isakmp policy 10 encryption des

isakmp policy 10 hash sha

isakmp policy 10 group 2

isakmp policy 10 lifetime 86400

isakmp nat-traversal 20

isakmp ipsec-over-tcp port 10000

tunnel-group QQQQQ type ipsec-ra

tunnel-group QQQQQQgeneral-attributes

address-pool vpnpool

default-group-policy QQQQQQ

tunnel-group QQQQQQ ipsec-attributes

pre-shared-key *

telnet inside

telnet timeout 5

ssh timeout 5

console timeout 0

dhcpd address inside

dhcpd lease 3600

dhcpd ping_timeout 50

dhcpd enable inside


class-map inspection_default

match default-inspection-traffic



policy-map global_policy

class inspection_default

inspect dns maximum-length 512

inspect ftp

inspect h323 h225

inspect h323 ras

inspect rsh

inspect rtsp

inspect esmtp

inspect sqlnet

inspect skinny

inspect sunrpc

inspect xdmcp

inspect sip

inspect netbios

inspect tftp

inspect http


service-policy global_policy global


Re: Pb Connection VPN client with Pix 515E v7.0! please help me

Hi Marza

I just gone through your config sample and found missing the interface configuration.

I would also suggest to refer this link for more info and also post the interface config.


New Member

Re: Pb Connection VPN client with Pix 515E v7.0! please help me

Hi Marza

I found by myself that

crypto dynamic-map Outside_dyn_map 20 match address Outside_cryptomap_dyn_20

not works if you define the source as any if you want to define source for every ip addresses remove the following line from your config or if you want to connect to your pix from a specified ip address then define the source in your access list ,it was my problem that i solved it in this way.


Hope to helpful.

remember rate the useful post.

Best Regards Bahman Mozaffari

CreatePlease to create content