11-28-2006 10:34 PM - edited 03-11-2019 02:02 AM
I have configured my ASA to recieve EASY VPN connections from 877 and 871 routers. All routers eventually connect but the ASA is throwing up these messages when 'debug crypto isakmp' is set off:
Nov 28 14:15:15 [IKEv1]: Group = DefaultRAGroup, Username = remuser1, IP = 60.x.x.230, Error: Unable to remove PeerTblEntry
Nov 28 14:15:16 [IKEv1]: Group = DefaultRAGroup, Username = remuser1, IP = 60.x.x.230, Removing peer from peer table failed, no match!
Nov 28 14:15:16 [IKEv1]: Group = DefaultRAGroup, Username = remuser1, IP = 60.x.x.230, Error: Unable to remove PeerTblEntry
Nov 28 14:15:17 [IKEv1]: Group = DefaultRAGroup, Username = remuser1, IP = 60.x.x.230, Removing peer from peer table failed, no match!
Nov 28 14:17:05 [IKEv1]: Group = DefaultRAGroup, Username = remuser1, IP = 58.105.25.1, Removing peer from peer table failed, no match!
Nov 28 14:17:39 [IKEv1]: Group = DefaultRAGroup, IP = 58.105.25.1, Removing peer from peer table failed, no match!
Nov 28 14:17:39 [IKEv1]: Group = DefaultRAGroup, IP = 58.105.25.1, Error: Unable to remove PeerTblEntry
The authentication for the easy vpn is via a radius server and the username and password is held on there for the end routers connecting.
This is leading to the connection attempts continuing for hours and it is happening every 1 second for some of these routers. Not exactly pushing the Radius server hard but something it could do without.
Thoughts anyone?
11-29-2006 12:34 PM
Can you cenable the following on the ASA
"deb cry isa 128" "deb cry ipsec 128"
And on the router side:
"deb cry isa"
"deb cry ipsec"
Collect those and let me take a look at why this is happening.
Thanks
Gilbert
11-29-2006 01:56 PM
Gilbert,
The above info is from the ASA debug crypto isakmp...
Rick
11-29-2006 11:06 PM
11-30-2006 06:54 AM
Hi,
Thanks for sending the debugs from the ASA. I understand that you have the routers configured for EzVPN connection to the ASA.
If that be the case, do you have a specific group configured for the EzVPN clients on the ASA.
If you do, then the connections for the EzVPN should be landing on the group configured for EzVPN connections and not on the DefaultRAGroup.
Seems like there is something wrong on the ASA configuration.
Please check the ASA configuration.
- Gilbert
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide