I recently configure an ASA 5510 K8 as a remote access VPN. I use the wizzard from ASDM to configure it.
When i try to connect via Cisco VPN client, i can authenticate the tunnel group and PSK successfully. But when i put my username and password for user authentication, the VPN suddenly terminated with error reason 433: VPN connection terminated by peer.
I try to debug crypto isakmp and debug crypto ipsec, this is what i get:
[IKEv1]: Group = xxxx Username = yyyy, IP = 125.166.x.x, Removing peer from peer table failed, no match!
[IKEv1]: Group = xxxx, Username = yyyy, IP = 125.166.x.x, Error: Unable to remove PeerTblEntry
It seem that the IKE phase 1 negotiation failed. I already checked from datasheet, my ASA only support DES encyrption, with MD5 hashing, and Diffie Hellman group 2. Here is the configuration for ISAKMP:
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...