# Secure VPN connection terminated by peer. Reason 433



## robertin75

Hello:

I have a Cisco ASA5505 VPN router and one of the user reports that is being disconnected after a period of time.

Anyone know what the problem may be?

I'm attaching a screenshoot of the error.

Thanks and help is greatly appreciated.


----------



## Dave Atkin

Hello,

Do you have an idle disconnection time set in th Router?

It maybe worth checking to see if the user can access the internet once the VPN disconnects. It could be an issue at his end.

Also, look here for the Cisco Troubleshooting solutions:
Most Common L2L and Remote Access IPsec VPN Troubleshooting Solutions - Cisco Systems 


Dave


----------



## robertin75

Ok I checked with the user and she told me that she did not leave the computer idle.

The VPN connection was suddenly terminated and she had internet access during that time.

I read the possible solutions from that weblink but I'm affraid that I don't understand them very well.

I am attaching 2 screenshoots from the ASDM configuration tool.

One for the VPN policies which are inherited from all users and the other one is for the user accounts settings.

As you can see there is a parameter "Simultaneous logins" on the default group policy screenshoot which is currently set to 3 (default).

At first I thought that the user was being disconnected because other user tried to connect at the same time but apparently that number 3 has nothing to do with this scenario.

According to the help file:

"Simultaneous Logins—If the Inherit check box is not selected, this parameter specifies the maximum number of simultaneous logins allowed for this user. 

The default value is 3. The minimum value is 0, which disables login and prevents user access.

Note:While there is no maximum limit, allowing several simultaneous connections could compromise security and affect performance. "

What do you think? Anything I may still be missing?

Maybe that number 3 indeed has to do with the maximum users that can be connected at the same time?

Thanks for your help


----------



## Dave Atkin

I read the screenshot as the 3 x Simultaneous users will restrict the VPN's to three users... However I am not an expert at this firewall so could be wrong.

If there are more than three users connected when a new user attempts to connect then it will probably disconnect one of the existing sessions.

Do they all log in with their own usernames or do they just use one username?

Note: You're idle time out is set to 30minutes. I know that the user said that they where not idle but unfortunatly, people lie. Bare in mind that the idle time is the time that no traffic is sent through the VPN.


Dave


----------

