Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

VPN client Error: 433: (Reason Not Specified by Peer)

Hello everybody,

I'm having this error when i tried to connect to VPN server. I am totally sure that connection group and the user authentication are ok.

It seems to be a IKE phase 1 problem. The output of debug isakmp level 1 & debug crypto ipsec 1

ERROR: IKE failed trying to create a session manager entry

Removing peer from peer table failed, no match!

Error: Unable to remove PeerTblEntry

In addition i tried changing the isakmp policy, but the problem continues. NAT-T is enable and i tried in differents PC with the same result.

I attach the output of the debugs in level 1 & 10 and the asa config.

VPN client:

ASA5510 V.8.0(3)6

Thanks in advance.

José Luis


Re: VPN client Error: 433: (Reason Not Specified by Peer)

You have 2 options I can see here, 1 is to go ahead and reboot the ASA and see how it goes, second is to go to 8.0.4 since your version ( seems to have tons of records of this issue.

New Member

VPN client Error: 433: (Reason Not Specified by Peer)

How are your users authenticating? Are you using the LOCAL user database on the Cisco ASA itself? Or are you using a AAA authentication server, such as IAS or LDAP?

In my particular case all my users were getting error 433. I was authenticating against a Microsoft LDAP server. I think the Logon DN path had some characters Cisco couldn't comprehend. I moved the Logon Account to a different OU and it fixed it. Here are the details.