Secure VPN Connection terminated by Peer.Reason 433: (Reason Not Specified by Peer)

elieazzi
elieazzi used Ask the Experts™
on
Hello,

My CISCO VPN Always was working, since 4 days when i try to connect i'm getting this error msg:

Secure VPN Connection terminated by Peer.Reason 433: (Reason Not Specified by Peer)

How i'm able to fix it and what is the solutions... Would you please advice, since i'm not an expert in CISCO... please go in details.

Thank you fory our time.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®

Commented:
Sorry, lots of questions to get a better picture of what is going wrong.....
Are you able to browse the internet fine before trying to VPN in?
Is the Host entry a name or an IP address? Do you know if the entry in your host connection allows ping requests?  If yes, can you ping the host before trying to VPN in?
Are you always trying to connect from the same location when you have the problem?  Have you tried connecting from a different location to see if you run into the same problem?
Are you connecting from a hard-wired connection or a wireless connection?

Commented:
something to check first, are you on a dynamic or static IP?
did the ip change?

are you the only one not able to access the VPN or are others in the same situation?

Author

Commented:
Good morning everyone,

This is my ping number:  209.217.118.34

I'm always to ping yes and i get a response.
Yes, I'm able to use and surf internet explorer everything is fine.
Yes i'm able to connect from home before and others employee too.
I'm having the same problem when i connect from different location.
I'm conecting via a wireless conections... before I do that and it's working...

Dynamic or static IP u mean for my VPN, this is the ip of my VPN above.
No the ip didn't change.
No i'm not the only one not able to access the VPN.  Others have the same situation.

Please advice dear expert.
Should you be charging more for IT Services?

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

Commented:
on some wireless networks you have to enable VPNs.  a vpn connection usually creates larger packets to be transmitted.  sometimes these packets are unable to traverse the wireless network.

also, some wireless networks may drop the connections.  if you are not connected to VPN, you may not notice that your vpn connection has been dropped and reconnected.  with cisco VPN, if keepalives are enabled and a keepalive is not revieved or acknowledged for a specified time period, your connection will be terminated.

to troubleshoot this problem, try connecting to your vpn from the same location but use a wired connection.  this will help you to determine if your wireless network needs to be 'tweaked'.

Author

Commented:
Okay i've connected now and it's the same problem i'm getting. w2hat i should do?

Commented:
Who controls the other end of the VPN connection?  ie. Have you verified that your account is still valid and that your credentials are still correct?  Could they have implemented a new VPN policy, for example, that you must have firewall software enabled before allowing you to VPN in?

Did you make any changes to your home router configuration setttings recently?  Some routers require that you specifically state that you allow IPSEC traffic to traverse.

Commented:
You might want to also try going into your connection entry in your Cisco VPN client and modify it.  Go to the Transport tab and make sure you have "Enable Trasparent Tunneling" check marked.  If you are current set to use UDP (NAT/PAT), try changing it to IPSec over TCP and save your changes and try to connect again.

Author

Commented:
Hello Amnoux,

 I did what u told me to change to IPSEC over TCP, didn't work i got this msg when i'm trying to connect.
Reason 414: Failed to establish a TCP connections

Even the pop-box didn't show to enter my password.

Author

Commented:
Amanoux,

How i'm able to know if my account is still valid and that your credentials are still correct?  

?

Author

Commented:
How i'm able to telnet or to enter my cisco firewal via which programs ?
IP :

Commented:
I was under the assumption that you are trying to VPN into your work's network.  If that's correct, is there a network team that set up your VPN login account and credentials that you can contact and verify your account is still valid?

What version of the Cisco VPN client are you using?  Would it be possible to uninstall and reinstall it?

Author

Commented:
Yes, i'm trying to vpn to my works network from home.  There was a consultant guy came and did the installation for us and he provide me the username and password.   but it was working correctly by chance this what happens now... do u think i need to renew a license or something etc.... ?

Curently on my laptop vista bus i'm using version 5.0.01.0600

What do u think?

Author

Commented:
Right now i'm trying to see to enter directly via a shss program to my VPN to see if the configuration is correct... but i don't have this small tool on my vista ssh connection etc..

Author

Commented:
I would like to download the new vpn Cisco VPN Client v5.0.04.0300  where? do u know for vista?

Commented:
Just to summarize..... you are running Windows Vista on your personal computer with a Cisco VPN client version 5.0.  You connect to the internet via a home wireless router. You are trying to connect to your work's VPN at IP address: 209.217.118.34 which you can ping fine but can't connect.

Is your work's VPN host a Cisco router? Cisco PIX firewall? or A Cisco Concentrator?  Is that the device you are trying to SSH into to check the configs?  

You might need to add this command to the config "isakmp nat-t"

Commented:
I've got version 5.0.03.0530 that I could send you but I'm not sure how to get it to you.

Author

Commented:
lelloazzi@hotmail.com

Author

Commented:
Just to summarize..... you are running Windows Vista on your personal computer with a Cisco VPN client version 5.0.  

--> yes,
YES You connect to the internet via a home wireless router.

YEs

 You are trying to connect to your work's VPN at IP address: 209.217.118.34 which you can ping fine but can't connect.
yes

Is your work's VPN host a Cisco router? Cisco PIX firewall? or A Cisco Concentrator?

CISCO PIX Firewall

 Is that the device you are trying to SSH into to check the configs?  
yes
You might need to add this command to the config "isakmp nat-t"

I know how i'm able to add this commande to the config now from home...

Commented:
FYI....You might not have wanted to post your email address on this website in the correct format.  Webcrawlers tend to pick this stuff up and you'll start receiving a bunch more spam.

Commented:
I got an error stating your hotmail mailbox is full.
Your FTP site looks like its read only for anonymous users.  Not sure how to upload to it.

Author

Commented:
i see that's fine i got the software client i've installed and it's same problem.

Author

Commented:
you are trying to SSH into to check the configs?  

You might need to add this command to the config "isakmp nat-t"

I will need to try this tomorow from work from the server directly to the ciscor pix.

again which telnet or ssh i should use?

Author

Commented:
Good morning,

Now i'm at work and I've connected to my VPN, via ssh....

And i'll give you a screen shot of my configuration.

Thank you for your time.

Commented:
Be sure the take out any security information in the config before posting it on this site, like passwords, etc.

Author

Commented:
hi there,

i'm in my VPN now where i should type this command isakmp nat-t

Author

Commented:
I'm in my CISCO ASDM 5.2 for ASA

Where i should go to provide u more details?
Commented:
Also, check to see if you have a time out setting enabled

 "vpn-idle-timeout 30"
Try removing that. If you can't remove it from ASDM, try doing via Telnet.
telnet in and go to enable, then conf t
group-policy ACACIA attributes
vpn-idle-timeout none
end
write

Author

Commented:
Pls reviw my cisco config.
cisco1.jpg
cisco2.jpg
cisco.jpg
cisco3.jpg

Author

Commented:
How i'm able to remove it from ASDM

vpn-idle-timeout 30"
Try removing that. If you can't remove it from ASDM,

Commented:
Sorrry, I'm not familiar with ASDM.  I have only configured routers/firewall via the command line.  Maybe someone else can post some help with ASDM.  If you want I can send you some VPN login credentials to your hotmail account where you can test your client against another connection.  That way we can rule out your laptop/VPN client as the cause of the issue.
 

Author

Commented:
Thank you very much!

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial