10-23-2009 02:24 AM - edited 03-11-2019 09:30 AM
Hi guys,
I have a problem with a VPN connection on the FW. The VPN client receives a message that says: "Secure VPN Connection terminated by peer Reason 433: (reason not specified by peer)".
Could anyone help me?
Thank you very much.
Best Regards,
Giuseppe
10-23-2009 06:13 AM
Hi,
Most of the time we see this error message when the client is unable to get an IP address from the firewall/DHCP/external AAA server.
Please check if you have address-pool defined under the tunnel-group or group-policy.
In order to define address-pool, please visit the below listed doc:
http://www.cisco.com/en/US/docs/security/asa/asa70/configuration/guide/vpnadd.html
If the above suggestion doesn't work for you, please provide us with the current configuration and the following debugs:
debug crypto isa 127
debug crypto ipsec 127
debug aaa authentication
debug aaa common 127
HTH
JK
Plz rate the helpful posts-
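An offline version of the check suggested in the answer above, as an added example that is not from the thread or from Cisco: it parses a saved running-config and reports tunnel-groups that reference no local address pool, or a pool that is not defined. The sample config is constructed, only explicit default-group-policy references are followed, and a group flagged here may still get its addresses from DHCP or AAA.

```python
import re

# Constructed sample config (not from the thread); "ghost" and "oldpool" are made up.
SAMPLE_CONFIG = """\
ip local pool vpnpool 192.168.10.1-192.168.10.254 mask 255.255.255.0
group-policy salespolicy internal
group-policy salespolicy attributes
 address-pools value vpnpool
tunnel-group sales type remote-access
tunnel-group sales general-attributes
 default-group-policy salespolicy
tunnel-group mygroup type remote-access
tunnel-group mygroup general-attributes
 authentication-server-group myradius
tunnel-group ghost type remote-access
tunnel-group ghost general-attributes
 address-pool oldpool
"""

def audit_address_pools(config):
    """Return {tunnel_group: finding} for groups with no usable local pool."""
    pools = set(re.findall(r"^ip local pool (\S+)", config, re.M))
    tg_pools, tg_policy, gp_pools = {}, {}, {}
    section = None  # (kind, name) of the block that indented lines belong to
    for line in config.splitlines():
        words = line.split()
        if not line.startswith(" "):
            m = re.match(r"(tunnel-group|group-policy) (\S+) (general-attributes|attributes)$", line)
            section = (m.group(1), m.group(2)) if m else None
            if m and m.group(1) == "tunnel-group":
                tg_pools.setdefault(m.group(2), [])
        elif section and words:
            kind, name = section
            if kind == "tunnel-group" and words[0] == "address-pool":
                # skip an optional "(interface)" qualifier before the pool names
                tg_pools[name] += [w for w in words[1:] if not w.startswith("(")]
            elif kind == "tunnel-group" and words[0] == "default-group-policy":
                tg_policy[name] = words[1]
            elif kind == "group-policy" and words[:2] == ["address-pools", "value"]:
                gp_pools.setdefault(name, []).extend(words[2:])
    findings = {}
    for tg, direct in tg_pools.items():
        referenced = direct + gp_pools.get(tg_policy.get(tg), [])
        missing = [p for p in referenced if p not in pools]
        if not referenced:
            findings[tg] = "no address pool in tunnel-group or group-policy"
        elif missing:
            findings[tg] = "undefined pool: " + ", ".join(missing)
    return findings
```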
10-26-2009 04:25 AM
Hi JK,
Thank you for your answer. I have another doubt: viewing the FW configuration, I noticed that the vpn-addr-assign command isn't configured, but the VPN group is defined in "tunnel-group mygroup general-attributes", and moreover there is also authentication toward the RADIUS server with the command "authentication-server-group myradius".
Could it be this misconfiguration?
It could be corruption of the user credentials on the RADIUS server, couldn't it?
Let me know, please.
Best regards,
Giuseppe
01-23-2014 06:42 AM
In my particular case, all my users were getting error 433. It turned out to be the AAA authentication server settings on the firewall. I was authenticating against a Microsoft LDAP server. I think the Logon DN path had some characters Cisco couldn't comprehend. Here is how I fixed it.
http://supertekboy.com/2014/01/23/cisco-vpn-reason-433-reason-not-specified-by-peer/