https://community.cisco.com/t5/network-security/reason-433/m-p/1290104#M816405 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Most of the times we see this error message when client is unable to get an ip address from the firewall/DHCP/external AAA server.</P><P></P><P>Please check if you have address-pool defined under the tunnel-group or group-policy.</P><P></P><P>In order to define address-pool, please visit the below listed doc:</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/docs/security/asa/asa70/configuration/guide/vpnadd.html" target="_blank">http://www.cisco.com/en/US/docs/security/asa/asa70/configuration/guide/vpnadd.html</A></P><P></P><P>If the above suggestion doesn't work for you. Please provide us with current configuration, and following debugs,</P><P></P><P>debug crypto isa 127</P><P>debug crypto ipsec 127</P><P>debug aaa authentication</P><P>debug aaa common 127</P><P></P><P>HTH</P><P></P><P>JK</P><P></P><P>Plz rate the helpful posts-</P></BODY></HTML> Fri, 23 Oct 2009 13:13:26 GMT Jatin Katyal 2009-10-23T13:13:26Z https://community.cisco.com/t5/network-security/reason-433/m-p/1290103#M816401 <P>Hi guys,</P><P></P><P>I have a problem about VPN connection on FW. The VPN client receives a message that sais: " Secure VPN Connection terminated by peer Reason 433: (reason not specified by peer)".</P><P></P><P>Could anyone help me?</P><P></P><P>Thank you very much.</P><P></P><P>Best Regards,</P><P></P><P>Giuseppe</P><P> </P> Mon, 11 Mar 2019 16:30:26 GMT https://community.cisco.com/t5/network-security/reason-433/m-p/1290103#M816401 gpangallo 2019-03-11T16:30:26Z https://community.cisco.com/t5/network-security/reason-433/m-p/1290104#M816405 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Most of the times we see this error message when client is unable to get an ip address from the firewall/DHCP/external AAA server.</P><P></P><P>Please check if you have address-pool defined under the tunnel-group or group-policy.</P><P></P><P>In order to define address-pool, please visit the below listed doc:</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/docs/security/asa/asa70/configuration/guide/vpnadd.html" target="_blank">http://www.cisco.com/en/US/docs/security/asa/asa70/configuration/guide/vpnadd.html</A></P><P></P><P>If the above suggestion doesn't work for you. Please provide us with current configuration, and following debugs,</P><P></P><P>debug crypto isa 127</P><P>debug crypto ipsec 127</P><P>debug aaa authentication</P><P>debug aaa common 127</P><P></P><P>HTH</P><P></P><P>JK</P><P></P><P>Plz rate the helpful posts-</P></BODY></HTML> Fri, 23 Oct 2009 13:13:26 GMT https://community.cisco.com/t5/network-security/reason-433/m-p/1290104#M816405 Jatin Katyal 2009-10-23T13:13:26Z https://community.cisco.com/t5/network-security/reason-433/m-p/1290105#M816412 <HTML><HEAD></HEAD><BODY><P>Hi JK,</P><P></P><P>thank you for your answer. I have another doubt because viewing the FW configuration I noticed that there isn't configured the vpn-addr-assign command but the vpn group is defined in "tunnel-group mygroup general-attributes" and moreover there is also the authentication toward the Radius server with the command "authentication-server-group myradius" .</P><P>Maybe could it be this misconfiguration?</P><P>It could be the user credentials corruption on Radius Server,isn't it? </P><P>Let me know, please.</P><P></P><P>Best regards,</P><P></P><P>Giuseppe</P><P></P><P></P></BODY></HTML> Mon, 26 Oct 2009 11:25:09 GMT https://community.cisco.com/t5/network-security/reason-433/m-p/1290105#M816412 gpangallo 2009-10-26T11:25:09Z https://community.cisco.com/t5/network-security/reason-433/m-p/1290106#M816421 <HTML><HEAD></HEAD><BODY><P>In my particular case it was all my users were getting error 433. It turned out to be the AAA authentication server settings on the firewall. I was authenticating against a Microsoft LDAP server. I think the Logon DN path had some characters Cisco couldn't comprehend. Here is how I fixed it.</P><P><A href="http://supertekboy.com/2014/01/23/cisco-vpn-reason-433-reason-not-specified-by-peer/">http://supertekboy.com/2014/01/23/cisco-vpn-reason-433-reason-not-specified-by-peer/</A> </P></BODY></HTML> Thu, 23 Jan 2014 14:42:55 GMT https://community.cisco.com/t5/network-security/reason-433/m-p/1290106#M816421 Gareth Gudger 2014-01-23T14:42:55Z