03-11-2009 06:56 PM
Hello everybody,
I'm having this error when i tried to connect to VPN server. I am totally sure that connection group and the user authentication are ok.
It seems to be a IKE phase 1 problem. The output of debug isakmp level 1 & debug crypto ipsec 1
ERROR: IKE failed trying to create a session manager entry
Removing peer from peer table failed, no match!
Error: Unable to remove PeerTblEntry
In addition i tried changing the isakmp policy, but the problem continues. NAT-T is enable and i tried in differents PC with the same result.
I attach the output of the debugs in level 1 & 10 and the asa config.
VPN client: 5.0.05.0290
ASA5510 V.8.0(3)6
Thanks in advance.
José Luis
03-12-2009 08:29 PM
You have 2 options I can see here, 1 is to go ahead and reboot the ASA and see how it goes, second is to go to 8.0.4 since your version (8.0.3.6) seems to have tons of records of this issue.
01-23-2014 06:41 AM
How are your users authenticating? Are you using the LOCAL user database on the Cisco ASA itself? Or are you using a AAA authentication server, such as IAS or LDAP?
In my particular case all my users were getting error 433. I was authenticating against a Microsoft LDAP server. I think the Logon DN path had some characters Cisco couldn't comprehend. I moved the Logon Account to a different OU and it fixed it. Here are the details.
http://supertekboy.com/2014/01/23/cisco-vpn-reason-433-reason-not-specified-by-peer/
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide