removing peer from peer table failed error

abdul basit
Level 1

PIX Version 7.2(2)

!

hostname pix

!

interface Ethernet0

nameif outside

security-level 0

ip address publicip 255.255.255.224

!

interface Ethernet1

nameif inside

security-level 100

ip address 192.168.5.1 255.255.255.0

!

passwd xxxxxxxxxx encrypted

ftp mode passive

dns domain-lookup outside

dns domain-lookup inside

dns server-group DefaultDNS

same-security-traffic permit intra-interface

object-group service dns tcp-udp

description primary-dns

access-list allow extended permit ip any any

access-list vpn extended permit ip xxx.98.0.0 255.255.0.0 192.168.12.0 255.255.255.0

access-list vpn extended permit ip xxx.98.0.0 255.255.0.0 10.100.10.0 255.255.255.0

access-list vpn-ieee extended permit ip 192.168.12.0 255.255.255.0 xxx.98.0.0 255.255.0.0

access-list vpn-ieee extended permit ip 10.100.10.0 255.255.255.0 xxx.98.0.0 255.255.0.0

access-list digitalclients extended permit ip 10.100.10.0 255.255.255.0 xxx.98.0.0 255.255.0.0

pager lines 24

mtu outside 1500

mtu inside 1500

ip local pool digitallibpool 10.100.10.0-10.100.10.254

icmp unreachable rate-limit 1 burst-size 1

asdm image flash:/asdm-603.bin

asdm history enable

arp timeout 14400

nat-control

global (outside) 1 interface

nat (outside) 0 access-list vpn

nat (outside) 1 access-list vpn-ieee

nat (inside) 1 192.168.5.0 255.255.255.0

access-group allow in interface inside

route outside 0.0.0.0 0.0.0.0 121.52.147.65 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout uauth 0:05:00 absolute

aaa-server TACACS+ protocol tacacs+

aaa-server RADIUS protocol radius

group-policy digitallib internal

group-policy digitallib attributes

split-tunnel-policy tunnelspecified

split-tunnel-network-list value digitalclients

username uetpix password fbrWs9tE8wap9fQF encrypted

http server enable

http 192.168.5.2 255.255.255.255 inside

no snmp-server location

no snmp-server contact

snmp-server community public

snmp-server enable traps snmp authentication linkup linkdown coldstart

crypto ipsec transform-set router-set esp-des esp-sha-hmac

crypto ipsec transform-set digitallibset esp-des esp-sha-hmac

crypto dynamic-map cisco 1 set transform-set router-set

crypto dynamic-map cisco 1 set reverse-route

crypto dynamic-map REMOTEMAP 100 set transform-set digitallibset

crypto map dyn-map 10 ipsec-isakmp dynamic cisco

crypto map STATICLIB 100 ipsec-isakmp dynamic REMOTEMAP

crypto map STATICLIB interface outside

crypto isakmp enable outside

crypto isakmp policy 10

authentication pre-share

encryption des

hash sha

group 2

lifetime 86400

crypto isakmp nat-traversal  20

tunnel-group DefaultL2LGroup ipsec-attributes

pre-shared-key *

isakmp keepalive threshold 30 retry 10

tunnel-group digitallib type ipsec-ra

tunnel-group digitallib general-attributes

address-pool digitallibpool

default-group-policy digitallib

tunnel-group digitallib ipsec-attributes

pre-shared-key *

telnet 192.168.5.0 255.255.255.0 inside

telnet timeout 20

ssh 0.0.0.0 0.0.0.0 outside

ssh timeout 20

ssh version 1

console timeout 10

!

class-map inspection_default

match default-inspection-traffic

!

!

policy-map type inspect dns preset_dns_map

parameters

  message-length maximum 512

policy-map global_policy

class inspection_default

  inspect dns preset_dns_map

  inspect ftp

  inspect h323 h225

  inspect h323 ras

  inspect rsh

  inspect rtsp

  inspect esmtp

  inspect sqlnet

  inspect skinny

  inspect sunrpc

  inspect xdmcp

  inspect sip

inspect netbios

  inspect tftp

  inspect http

  inspect ils

policy-map type inspect dns migrated_dns_map_1

parameters

  message-length maximum 512

!

service-policy global_policy global

prompt hostname context

Cryptochecksum:8c5cd31c762c24c7577127e8d6ce19fd

: end

pix(config)# Jan 14 13:21:34 [IKEv1]: Group = digitallib, IP = 182.185.41.238, Removing peer from peer table failed, no match!

Jan 14 13:21:34 [IKEv1]: Group = digitallib, IP = 182.185.41.238, Error: Unable to remove PeerTblEntry

Jan 14 13:21:39 [IKEv1]: Group = digitallib, IP = 182.185.41.238, Removing peer from peer table failed, no match!

Jan 14 13:21:39 [IKEv1]: Group = digitallib, IP = 182.185.41.238, Error: Unable to remove PeerTblEntry

Jan 14 13:21:44 [IKEv1]: Group = digitallib, IP = 182.185.41.238, Removing peer from peer table failed, no match!

Jan 14 13:21:44 [IKEv1]: Group = digitallib, IP = 182.185.41.238, Error: Unable to remove PeerTblEntry

Jan 14 13:21:49 [IKEv1]: Group = digitallib, IP = 182.185.41.238, Removing peer from peer table failed, no match!

Jan 14 13:21:49 [IKEv1]: Group = digitallib, IP = 182.185.41.238, Error: Unable to remove PeerTblEntry

My site-to-site VPN with router dynamic IP is working, and now I configured the PIX for Easy VPN. When I tried from the client, it is giving me the following error. Where is the problem? Please help me.

Accepted Solutions

Rudy Sanjoko
Level 4

See my answer to another thread that has a similar issue to yours.

https://supportforums.cisco.com/thread/2191603

Looking briefly at your config, try changing the hashing algorithm to MD5 instead of SHA; if you want to use SHA you will need to use 3DES for encryption.

Thank you so much Rudy, it worked... The Cisco community is extremely helpful.

You're very welcome, and thanks for the rating! I know, I've gotten a lot of help from this community as well.

Hi Rudy, I am getting this problem now:

pix(config)# Jan 14 18:19:32 [IKEv1]: Group = digitallib, IP = 182.185.82.22, QM FSM error (P2 struct &0x3c72a18, mess id 0xc8bfe)!

Jan 14 18:19:32 [IKEv1]: Group = digitallib, IP = 182.185.82.22, Removing peer from correlator table failed, no match!

If static and dynamic peers are configured on the same crypto map, the order of the crypto map entries is very important. The sequence number of the dynamic crypto map entry must be higher than all of the other static crypto map entries. If the static entries are numbered higher than the dynamic entry, connections with those peers fail and the debugs as shown appear. Based on your config above, your static crypto map is higher than the dynamic crypto map; try to change the sequence number of those crypto maps.
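Added example, not part of the original thread and not Cisco tooling: a small Python lint that checks a saved PIX/ASA configuration for the two causes named in the replies, DES paired with SHA (accepted answer) and a dynamic crypto map entry that is not numbered above the static entries on the same map. The function name lint, the map name EXAMPLEMAP, the transform set example3des and the peer address 192.0.2.10 are constructed for illustration.

```python
import re

# Constructed sample modelled on the thread's config: DES+SHA in a transform set
# and in the IKE policy, and a dynamic crypto map entry (10) below a static one (20).
SAMPLE = """\
crypto ipsec transform-set digitallibset esp-des esp-sha-hmac
crypto ipsec transform-set example3des esp-3des esp-sha-hmac
crypto map EXAMPLEMAP 10 ipsec-isakmp dynamic REMOTEMAP
crypto map EXAMPLEMAP 20 match address vpn
crypto map EXAMPLEMAP 20 set peer 192.0.2.10
crypto isakmp policy 10
 authentication pre-share
 encryption des
 hash sha
"""

def lint(config):
    """Return findings for the two causes named in the replies (hypothetical helper)."""
    findings, policies, current = [], {}, None
    static, dynamic = {}, {}  # crypto map name -> set of sequence numbers
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"crypto isakmp policy (\d+)", line):
            current = policies.setdefault(int(m[1]), {})
        elif current is not None and (m := re.fullmatch(r"(encryption|hash) (\S+)", line)):
            current[m[1]] = m[2]  # sub-commands belong to the last policy seen
        elif m := re.fullmatch(r"crypto ipsec transform-set (\S+) (.+)", line):
            if {"esp-des", "esp-sha-hmac"} <= set(m[2].split()):
                findings.append(f"transform-set {m[1]}: esp-des with esp-sha-hmac")
        elif m := re.fullmatch(r"crypto map (\S+) (\d+) (.+)", line):
            # "crypto map NAME interface ..." has no sequence number and is skipped
            table = dynamic if m[3].startswith("ipsec-isakmp dynamic ") else static
            table.setdefault(m[1], set()).add(int(m[2]))
    for num, pol in sorted(policies.items()):
        if pol.get("encryption") == "des" and pol.get("hash") == "sha":
            findings.append(f"isakmp policy {num}: des with sha")
    for name, dyn_seqs in sorted(dynamic.items()):
        highest_static = max(static.get(name, {0}))  # 0 when the map has no static entry
        for seq in sorted(dyn_seqs):
            if seq <= highest_static:
                findings.append(
                    f"crypto map {name}: dynamic entry {seq} must be above static entry {highest_static}")
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```
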

Thanks Rudy, it worked.