Solved

Error: Secure VPN connection terminated by Peer. Reason 433 (Reason not specified by peer)

Posted on 2014-10-01
Last Modified: 2014-10-06
Hi Experts,

I am hoping you can help me with this.  I am not a Cisco person so please be patient.

I have the error above.  The Windows account that does the LDAP connection I recently disabled, not knowing it was the account that does this for the VPN.  I re-enabled it but users are still getting this error.  I thought for sure this was why.  I have restarted the servers but still nothing?

Nothing else on the config side has changed.  Any ideas?  Does something on the switch have to be restarted?

Thank you,

Karen
Question by:klsphotos
8 Comments
 
LVL 12

Expert Comment

by:atrevido
ID: 40355142
Are they using a Cisco VPN client like AnyConnect?  You sort of allude to the fact that there are > 1 users having the issue but they are all using the same username and password.  Is that true?

Often 433 error means invalid username, or password or locked account.  Try changing the password on that account and unlocking it.  Then have the user try again with new password.
0
 

Author Comment

by:klsphotos
ID: 40355147
We tried several accounts, all get the same error.  The account I mentioned, the account set in the ASA for LDAP, was disabled.  I re-enabled it but they are still getting the error above.
0
 
LVL 12

Expert Comment

by:atrevido
ID: 40355157
OK, but you just said two things there - you tried several accounts, all the same error.  Was this all on the same laptop?  Where is this laptop connected to?  If I'm testing VPN on a user's machine I MUST be NOT on my network otherwise it won't work.  If you tested 3 different accounts on this user's machine (including the one you disabled) and they all get the same error then it isn't an account specific problem.

This laptop you are testing on - hard wired?  WiFi on as well?
0

 

Author Comment

by:klsphotos
ID: 40355199
Hi Atrevido,

The user who reported the issue is not here.  He tried on 2 systems, same error.  He connected to my machine through join.me and logged into a server fine so no issue with his account.  Another user here connected externally and tested and same error.  My creds did not work remotely either same error.

The service account that processes the LDAP connections was recently disabled by me because I didn't know what it was.  It's re-enabled but everyone is still getting the same error.

Both hard wired and wifi connections during testing, the error is consistent.  The domain controllers have been restarted just to rule out any issue there but still same error.

The only changes recently made were disabling of some AD user and computer accounts.

Hope that made sense.  Thank you for your help.

Karen
0
 

Accepted Solution

by:
klsphotos earned 0 total points
ID: 40355464
This is resolved.  I moved the OU the accounts were in.  When I moved the OU back everything worked.  I don't like where the OU is currently so I will have to figure that one out.

Thank you so much this is resolved.
0
 
LVL 12

Expert Comment

by:atrevido
ID: 40355530
You never told me you moved the OU.  You said disabled but never moved OUs.  Attached is a snapshot of the config in the firewall and why that is important information.  Also, OU names and special characters are very important for the ASA as it is very picky.  So good luck with that.
AAA-programming-ASA.pdf
0
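Added example (not part of any post in this thread, and not taken from the attached PDF): a pre-change check that compares the distinguished names in an ASA `aaa-server` LDAP block against the directory before and after an OU move. The server name, IP address and every DN below are constructed placeholders, and the check assumes the ASA references accounts through `ldap-base-dn` and `ldap-login-dn`.

```python
import re

# Constructed ASA fragment; names, address and DNs are placeholders.
ASA_CONFIG = """\
aaa-server LDAP_SRV protocol ldap
aaa-server LDAP_SRV (inside) host 192.0.2.10
 ldap-base-dn OU=Staff,DC=example,DC=local
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-dn CN=svc-vpn,OU=Service Accounts,OU=Staff,DC=example,DC=local
 server-type microsoft
"""

# Constructed directory contents before the move, and after moving OU=Staff under OU=Archive.
BEFORE = [
    "CN=svc-vpn,OU=Service Accounts,OU=Staff,DC=example,DC=local",
    "CN=Smith\\, Karen,OU=Staff,DC=example,DC=local",  # escaped comma inside an RDN
]
AFTER = [d.replace("OU=Staff,", "OU=Staff,OU=Archive,") for d in BEFORE]

def split_dn(dn):
    """Split a DN into lower-cased RDNs; a backslash-escaped comma stays inside its RDN."""
    return [p.strip().lower() for p in re.findall(r'(?:\\.|[^,\\])+', dn)]

def parse_asa_ldap(config):
    """Pull the ldap-base-dn and ldap-login-dn values out of the config text."""
    found = {}
    for line in config.splitlines():
        m = re.match(r'\s*ldap-(base|login)-dn\s+(.+?)\s*$', line)
        if m:
            found[m.group(1)] = m.group(2)
    return found

def is_under(dn, base):
    """True when dn sits at or below base (what a subtree search from base can reach)."""
    d, b = split_dn(dn), split_dn(base)
    return len(d) >= len(b) and d[len(d) - len(b):] == b

def check(config, directory_dns):
    """Return the DN mismatches that would make the ASA's LDAP lookups fail."""
    cfg = parse_asa_ldap(config)
    known = {tuple(split_dn(d)) for d in directory_dns}
    problems = []
    if tuple(split_dn(cfg["login"])) not in known:
        problems.append("ldap-login-dn not found: " + cfg["login"])
    for dn in directory_dns:
        if not is_under(dn, cfg["base"]):
            problems.append("outside ldap-base-dn: " + dn)
    return problems

if __name__ == "__main__":
    for label, dns in (("before move", BEFORE), ("after move", AFTER)):
        print(label, check(ASA_CONFIG, dns))
```

Running the same comparison against a real export of account DNs before an OU move shows which `ldap-*-dn` lines on the firewall need updating as part of the change.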
 

Author Comment

by:klsphotos
ID: 40356719
Hi Atrevido,

I didn't realize it was relevant to mention it until I researched the error on my own and tested it and discovered that that was the was.  I posted this so that if others had the issue, they could check as well.  The OU needs to go where I moved it so I will tackle that project at another time.

Thank you for that document, that looks like it came from the same article I found about this issue.    Here is the link so others can read the whole article:
http://supertekboy.com/2014/01/23/cisco-vpn-reason-433-reason-not-specified-by-peer/

Thank you for your help.
0
 

Author Closing Comment

by:klsphotos
ID: 40363222
I researched on my own, I had to get it fixed and this resolved the issue.
0
