[Last Call] Learn how to a build a cloud-first strategyRegister Now

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 14932
  • Last Modified:

Cisco VPN access problem

I need help resolving this.  When I connect to my Cisco VPn through a Cisco ASA firewall I get the following error.

Secure VPN connection terminated by Peer.
Reason 433: (Reason Not Specified by Peer)

I need to know what I need to do to resolve this.

Thank you,
1 Solution
Is NAT-T enabled?

If not try enabling it using the following cli,
'isakmp nat-t'

Let me know.

JoelZartAuthor Commented:
Yes Nat-T is enabled.  The problem seems to be with the actual connections gateway because through the same firewall we can get out to the internet.
If ok would you mind just rebooting the firewall?
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

JoelZartAuthor Commented:
I can but it will not be until tommorow morning first thing.  I will post again if that solved the problem.  BTW, what is rebooting hoping to solve?
Try referring to the similar problem answered in here,

Sorry my bad of posting a wrong post mesg of rebooting the firewall.
It was for some other problem.

What VPN Client are you using, if you're on XP then I would recommend 4.8 (4.6 is good as well).

Then a question for you, has it ever worked ?

If so, I would do the following;

1. Uninstall the vpn client.
2. In command prompt run this

netsh int ip reset reset.log
netsh winsock reset

then reboot

3. Install the VPN client and import the pcf. Try connecting again.

I assume that the location from where you are dialling is not having the same ip subnet scheme as your corporate.

JoelZartAuthor Commented:
Actually we figured it out.  There is a service account that AD uses to validate authentication throught the ASA.  Once we updated the password people were able to connect no problem.
I am having the same problem. I have tried Rajesh's suggestion to no avail.

If there is a service account that AD uses, it would have been extremely helpful if you would have mentioned what it was called. I am unsure if I have one on my server. There is a user called VPN, but no description of what it is or what it's for. Also, I have no idea when or how the 'VPN' user was created. Lastly, where would the user password be set on the ASA so that it matches what I set in AD?

Featured Post

Vote for the Most Valuable Expert

It’s time to recognize experts that go above and beyond with helpful solutions and engagement on site. Choose from the top experts in the Hall of Fame or on the right rail of your favorite topic page. Look for the blue “Nominate” button on their profile to vote.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now