Cisco CSR 1000V IPSec VPN & Windows Server 2012 R2 RRAS

shaun.pillay
Level 1

Hi Everyone

I'm trying to establish an IPSec VPN between a Cisco CSR 1000V which is running in Microsoft Azure and an on premises Windows Server 2012 R2 RRAS server. I've used the sample configuration file from the deployment guide but am unable to get a connection established. When I initiate the connection from my on premises RRAS server, the error message is:

RoutingDomainID- {00000000-0000-0000-0000-000000000000}: A Demand Dial connection to the remote interface Cisco CSR 1000V on port VPN2-126 was successfully initiated but failed to complete successfully because of the following error: IKE authentication credentials are unacceptable

I've confirmed that both pre-shared keys are the same at both ends and suspect that the issue could be with my configuration of the CSR 1000V virtual device because I've configured another IPSec VPN from Azure using a Microsoft Azure Gateway (which according to Microsoft's documentation is a pair of RRAS servers running in an Active/Standby configuration), to my on premises RRAS server and this connects almost instantly.

I am not a very experienced user of Cisco products. We are looking to trial this solution and purchase later on if needs be. The configuration script that I am using from the deployment guide is below:

Any help is most appreciated.

crypto isakmp policy 1
 encr aes
 hash sha256
 authentication pre-share
 group 2
crypto isakmp key cisco123 address 0.0.0.0
crypto ipsec transform-set T1 esp-aes 256 esp-sha-hmac
 mode transport
crypto ipsec profile P1
 set transform-set T1

interface Tunnel0
 ip address 3.3.3.1 255.255.255.0
 tunnel source GigabitEthernet1
 tunnel mode ipsec ipv4
 tunnel destination <PublicIPAddressOfOnPremRRAS>
 tunnel protection ipsec profile P1
end


http://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/43069-ios-aes.html

4 Replies

Hitesh Vinzoda
Level 4

Hi Dude,

AFAIK Windows supports PPTP and L2TP. What you are configuring on Cisco is IPsec, which will not work.

Please refer to this guide to set up a VPN between Windows and a Cisco box.

https://supportforums.cisco.com/document/9878401/l2tp-over-ipsec-cisco-ios-router-using-windows-8

TIA

Hitesh

Hi Hitesh

Thanks for the reply. Windows RRAS does support IPSec; that's what the Microsoft Gateway uses, and I can successfully establish a connection from on premises with it.

Kind Regards

Shaun

Hi Shaun,

AFAIK, IPsec is supported over L2TP, not at the IP layer, on Microsoft devices except Azure NVGRE gateways.

Thanks

Hitesh

Thanks Hitesh.

Will try the document that you sent over.

Kind Regards

Shaun