Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

VPN client and ASA

Hi,

I had a Cisco vpn clients terminated to an 2 ASA failover.

everything was working fine until a power failure happened and all devices went down, after powering up them again every thing worked fine except the VPN client connectivity it alaways gives this error msg :Reason 412: The remote peer is no longer responding

those ASA are behind an 2820 internet router, the NAT configuration is ok, the internet connectivity is ok, can you please guide me on how troubleshooting this issue.

Thanks

6 REPLIES

Re: VPN client and ASA

it sounds like some configuration was not saved before the reload - perhaps you could post the config?

Community Member

Re: VPN client and ASA

and here is the result of the debug crypto isakmp command

May 28 08:36:00 [IKEv1]: Group = DAE_VPN#, IP = x.x.x.x, Removing peer from peer table failed, no match!

May 28 08:36:00 [IKEv1]: Group = DAE_VPN#, IP = x.x.x.x, Error: Unable to remove PeerTblEntry

May 28 08:36:05 [IKEv1]: Group = DAE_VPN#, IP = x.x.x.x, Removing peer from peer table failed, no match!

May 28 08:36:05 [IKEv1]: Group = DAE_VPN#, IP = x.x.x.x, Error: Unable to remove PeerTblEntry

May 28 08:36:10 [IKEv1]: Group = DAE_VPN#, IP = x.x.x.x, Removing peer from peer table failed, no match!

May 28 08:36:10 [IKEv1]: Group = DAE_VPN#, IP = x.x.x.x, Error: Unable to remove PeerTblEntry

May 28 08:36:15 [IKEv1]: Group = DAE_VPN#, IP = x.x.x.x, Removing peer from peer table failed, no match!

May 28 08:36:15 [IKEv1]: Group = DAE_VPN#, IP = x.x.x.x, Error: Unable to remove PeerTblEntry

May 28 08:36:28 [IKEv1]: Group = DAE_VPN#, IP = x.x.x.x, Removing peer from peer table failed, no match!

Re: VPN client and ASA

You are missing your IKE phase 1 config?

Community Member

Re: VPN client and ASA

the thing this same configuration was working before we had this power blackout!

Re: VPN client and ASA

You are correct - sorry I was looking at something else. You are only using VPN Clients - which perform negotiation in agressive mode, so no need for an IKE policy.

What does the VPN client log indicate when you try and connect?? Are you using the right group id/pwd & user uid/pwd settings when connecting?

Community Member

Re: VPN client and ASA

it worked now, i removed the crypto configurations and keys, and re-write them,it seems that the keys were corrupted!

thanks for the asistance...

164
Views
0
Helpful
6
Replies
CreatePlease to create content