VPN client Error: 433: (Reason Not Specified by Peer)

jvelasquez
Level 1

Hello everybody,

I'm getting this error when I try to connect to the VPN server. I am totally sure that the connection group and the user authentication are OK.

It seems to be an IKE phase 1 problem. The output of debug isakmp level 1 & debug crypto ipsec 1:

ERROR: IKE failed trying to create a session manager entry

Removing peer from peer table failed, no match!

Error: Unable to remove PeerTblEntry

In addition, I tried changing the isakmp policy, but the problem continues. NAT-T is enabled and I tried on different PCs with the same result.

I attach the output of the debugs at level 1 & 10 and the ASA config.

VPN client: 5.0.05.0290

ASA5510 V.8.0(3)6

Thanks in advance.

José Luis

2 Replies

Ivan Martinon
Level 7

You have 2 options I can see here: the first is to go ahead and reboot the ASA and see how it goes; the second is to go to 8.0.4, since your version (8.0.3.6) seems to have tons of records of this issue.

Gareth Gudger
Level 1

How are your users authenticating? Are you using the LOCAL user database on the Cisco ASA itself? Or are you using an AAA authentication server, such as IAS or LDAP?

In my particular case all my users were getting error 433. I was authenticating against a Microsoft LDAP server. I think the Logon DN path had some characters Cisco couldn't comprehend. I moved the Logon Account to a different OU and it fixed it. Here are the details.

http://supertekboy.com/2014/01/23/cisco-vpn-reason-433-reason-not-specified-by-peer/