04-17-2009 12:21 PM - edited 02-21-2020 10:23 AM
I have about 10 VPN clients connecting to a Cisco ASA 5510. I am getting calls that sometimes people are getting 413 errors here and there. When they out it username and password, the dialog box pops up again and then they get a error 413 cannot authenticate. Any ideas, they are IPsec tunnels which I hae 250 available.
04-20-2009 04:59 AM
What are they authenticating too? local / AD / RADIUS?
04-20-2009 12:11 PM
local
04-20-2009 08:01 AM
The easiest way to troubleshoot this would be to retrieve the debug information when the users fail to connect:
debug cry isa 200
debug cry ipsec 200
Though you gotta be careful when you enable the debug, if you have many IPSEC tunnels running, the ASA may resent showing all the debug information.
On release 8.0 there's a "debug crypto condition" command for you to choose only the debugs from the peer (you'll need to know the client's public address)
I would also suggest to try to get more information on the error: is it happening for ALL the users? it's happening always from the same location: home, office, etc?
Sometimes this "random" connection issues are related to delay/problems with the client's internet connection.
Regards,
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide