I'm having this error when i tried to connect to VPN server. I am totally sure that connection group and the user authentication are ok.
It seems to be a IKE phase 1 problem. The output of debug isakmp level 1 & debug crypto ipsec 1
ERROR: IKE failed trying to create a session manager entry
Removing peer from peer table failed, no match!
Error: Unable to remove PeerTblEntry
In addition i tried changing the isakmp policy, but the problem continues. NAT-T is enable and i tried in differents PC with the same result.
I attach the output of the debugs in level 1 & 10 and the asa config.
VPN client: 5.0.05.0290
Thanks in advance.
You have 2 options I can see here, 1 is to go ahead and reboot the ASA and see how it goes, second is to go to 8.0.4 since your version (220.127.116.11) seems to have tons of records of this issue.
How are your users authenticating? Are you using the LOCAL user database on the Cisco ASA itself? Or are you using a AAA authentication server, such as IAS or LDAP?
In my particular case all my users were getting error 433. I was authenticating against a Microsoft LDAP server. I think the Logon DN path had some characters Cisco couldn't comprehend. I moved the Logon Account to a different OU and it fixed it. Here are the details.