
Calling on all Cisco Experts: Need your Advice

Thomas Grassi

I have a small home network currently using a Cisco 841, which is working great. I host a web site and Exchange, plus all 10 computers access the net using Verizon FIOS; it all works. I can even VPN in to my network remotely.

I can only VPN using the Cisco client. I would like to use the native Windows client and iPads and iPhones. I believe they use PPTP and the Cisco client is using IPSEC.

Which Cisco router can I get that would support all the above? Remember I am a small network here.

Thanks

Tom             

Thomas R Grassi Jr

Jeff Van Houten

For iPads you need the AnyConnect client, which works with an ASA.

Sent from Cisco Technical Support iPad App

Jeff

I was looking at the asa5505 will that handle my web site and exchange server also?

I have the Any Connect Client on the IPADS but with my current Cisco 851 it does not work.

Thomas R Grassi Jr

The ASA 5505 can also handle everything you need and has much more throughput. As you say that you have an Exchange running, you probably have a fixed IP? The ASA doesn't have a DDNS-Client for Services like DynDNS.

But everything you want should also work with a Cisco 851. So there is really no need to spend the money on a new router/firewall.

Sent from Cisco Technical Support iPad App

That can all be done with your router (an 1841? I'm not aware of an 841).

1) The iPads have a built-in IPsec client that works with IOS-Gateways. There are only problems with VTI-style VPNs. If your VPN setup uses crypto maps, everything is OK.

2) PPTP is a quite outdated technology. You probably don't need it any more nowadays. If you really want to use it, here is an example of how to configure the router:

http://www.cisco.com/en/US/tech/tk827/tk369/technologies_configuration_example09186a00801e51e2.shtml

If you can't use the Cisco client (IPsec or AnyConnect), then you had better use L2TP over IPsec. You will find that in the configuration guide:

http://www.cisco.com/en/US/docs/ios-xml/ios/sec_conn_vpnips/configuration/12-4t/l2tp-ipsec-sup-nat-pat-win-clients.html

Karsten,

Thanks for the Links.

My current Cisco router is an 851, not an 841; typo on my part.

I was looking at the 1841 as a solution.

I know on the iPads they have a native client that uses IPSEC, but my 851 is using IPSEC and they do not work.

I guess the 851 does not support iPads.

I do not know anything about IOS-Gateways. Does an 851 support that? If not, it looks like the 1841 might be the best option.

Your thoughts

Thomas R Grassi Jr

With IOS-Gateway I mean your router, which runs Cisco IOS. Probably the config just needs to be tuned to make it work with the iPads and iPhones. Attach your running config (without passwords and pre-shared keys) and let's see what needs to be done.

Sent from Cisco Technical Support iPad App

Karsten,

Thanks here is my running config.


version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname MyRouter
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable secret 5 xxxxxxxxxxxxxxxxxxx/xxxxxxxxxxxx/
!
aaa new-model
!
!
aaa authentication login myusers local
aaa authentication login myradius group radius local
aaa authorization network myvpn local
!
aaa session-id common
!
resource policy
!
clock timezone EST -5
clock summer-time edt recurring
ip subnet-zero
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.1
!
ip dhcp pool sdm-pool
   import all
   network 10.10.10.0 255.255.255.248
   default-router 10.10.10.1
   lease 0 2
!
!
ip cef
ip inspect name myrules cuseeme
ip inspect name myrules ftp
ip inspect name myrules h323
ip inspect name myrules icmp
ip inspect name myrules rcmd
ip inspect name myrules realaudio
ip inspect name myrules rtsp
ip inspect name myrules sqlnet
ip inspect name myrules streamworks
ip inspect name myrules tftp
ip inspect name myrules tcp
ip inspect name myrules udp
ip inspect name myrules vdolive
ip domain name MYdomain.COM
ip name-server 71.242.0.12
ip name-server 71.250.0.12
ip name-server 4.2.2.2
!
!
crypto pki trustpoint TP-self-signed-1164042433
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1164042433
revocation-check none
rsakeypair TP-self-signed-1164042433
!
!
crypto pki certificate chain TP-self-signed-1164042433
certificate self-signed 01
  quit
username xxxxx privilege 15 secret 5 xxxxxxxxxxxx
username xxxxx privilege 15 secret 5 xxxxxxxxxxxxxx
username xxxxx privilege 15 secret 5 xxxxxxxxxxxxxxxxx
username xxxxx secret 5 xxxxxxxxxxxxxx
username xxxxx secret 5 xxxxxxxxxxxxxxxxx
username xxxxx secret 5 xxxxxxxxxxxxxxxxxx
username xxxxx secret 5 xxxxxxxxxxxxxxxxxxxxxxxxx
!
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
!
crypto isakmp policy 2
encr aes
authentication pre-share
group 2
!
crypto isakmp client configuration group myvpn
key xxxxxxxxxxxx
dns 192.168.69.10 192.168.69.15
wins 192.168.69.10 192.168.69.15
domain our.network.mynet.com
pool dynpool
acl 105
netmask 255.255.255.0
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto dynamic-map dynmap 1
set transform-set ESP-3DES-SHA
reverse-route
!
!
crypto map dynmap client authentication list myradius
crypto map dynmap isakmp authorization list myvpn
crypto map dynmap client configuration address respond
crypto map dynmap 1 ipsec-isakmp dynamic dynmap
!
bridge irb
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
description ** WAN **
ip address 1.1.1.20 255.255.255.0
ip access-group 101 in
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
crypto map dynmap
!
interface Dot11Radio0
no ip address
!
encryption vlan 1 mode ciphers tkip
!
ssid xxxxxxxxxxxxxx
!
ssid myNET
    vlan 1
    authentication open
    authentication key-management wpa
    guest-mode
    wpa-psk ascii 0 xxxxxxxxxxxxxxxxxxxxx
!
speed basic-1.0 2.0 5.5 6.0 9.0 11.0 12.0 18.0 24.0 36.0 48.0 54.0
channel 2437
station-role root
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no snmp trap link-status
no cdp enable
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
no ip address
ip virtual-reassembly
ip tcp adjust-mss 1452
bridge-group 1
bridge-group 1 spanning-disabled
!
interface BVI1
ip address 192.168.69.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
ip local pool dynpool 192.168.70.75 192.168.70.80
ip classless
ip route 0.0.0.0 0.0.0.0 72.88.223.1
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
ip nat inside source static tcp 192.168.69.9 1792 interface FastEthernet4 1792
ip nat inside source static tcp 192.168.69.9 1723 interface FastEthernet4 1723
ip nat inside source static tcp 192.168.69.2 63145 interface FastEthernet1 63155
ip nat inside source static tcp 192.168.69.9 22 interface FastEthernet4 22
ip nat inside source static tcp 192.168.69.26 8080 interface FastEthernet4 8080
ip nat inside source static tcp 192.168.69.26 25 interface FastEthernet4 25
ip nat inside source static tcp 192.168.69.15 80 interface FastEthernet4 80
ip nat inside source static tcp 192.168.69.15 21 interface FastEthernet4 21
ip nat inside source static tcp 192.168.69.15 5900 interface FastEthernet4 5900
ip nat inside source static tcp 192.168.69.26 443 interface FastEthernet4 443
ip nat inside source route-map SDM_RMAP_1 interface FastEthernet4 overload
!
ip access-list extended denyDHCP
deny   udp any any eq bootpc
deny   udp any any eq bootps
permit ip any any
!
ip radius source-interface BVI1
access-list 23 permit 192.168.69.0 0.0.0.255
access-list 105 remark ** VPN Traffic **
access-list 105 permit ip 192.168.69.0 0.0.0.255 any
access-list 110 remark CCP_ACL Category=16
access-list 110 deny   ip 192.168.69.0 0.0.0.255 host 192.168.70.75
access-list 110 deny   ip 192.168.69.0 0.0.0.255 host 192.168.70.76
access-list 110 deny   ip 192.168.69.0 0.0.0.255 host 192.168.70.77
access-list 110 deny   ip 192.168.69.0 0.0.0.255 host 192.168.70.78
access-list 110 deny   ip 192.168.69.0 0.0.0.255 host 192.168.70.79
access-list 110 deny   ip 192.168.69.0 0.0.0.255 host 192.168.70.80
access-list 110 permit ip 192.168.69.0 0.0.0.255 any
access-list 110 deny   ip 192.168.69.0 0.0.0.255 192.168.70.0 0.0.0.255
snmp-server community xxxxxxxxxxxx RO
no cdp run
route-map SDM_RMAP_1 permit 1
match ip address 110
!
radius-server host 192.168.69.15 auth-port 1812 acct-port 1812 key xxxxxxxxxxxxx
!
control-plane
!
bridge 1 route ip
banner login ^C
-----------------------------------------------------------------------
Cisco Router and Security Device Manager (SDM) is installed on this device.
This feature requires the one-time use of the username "cisco"
with the password "cisco". The default username and password have a privilege le
vel of 15.

Please change these publicly known initial credentials using SDM or the IOS CLI.

Here are the Cisco IOS commands.

username   privilege 15 secret 0
no username cisco

Replace and with the username and password you want to use
.

For more information about SDM please follow the instructions in the QUICK START

GUIDE for your router or go to http://www.cisco.com/go/sdm
-----------------------------------------------------------------------
^C
!
line con 0
no modem enable
line aux 0
line vty 0 4
access-class 23 in
transport input telnet ssh
!
scheduler max-task-time 5000
ntp clock-period 17175189
ntp server 141.165.5.137
end

MyRouter#

Thomas R Grassi Jr

In my opinion, that should also work for an ipad. What exactly doesn't work when you connect with an iPad?

Karsten

My iPad is on a wireless network, not on the same LAN; different subnet, 192.168.1.3.

My Cisco is on 192.168.69.1, but I am using the external static IP address to connect, the same as I use with the Cisco client on a PC.

VPN CONNECTION The VPN server did not respond.

I turned on debugging hope I got enough

Jul 23 23:33:35.014: ISAKMP:      life duration (basic) of 3600
Jul 23 23:33:35.014: ISAKMP:      encryption AES-CBC
Jul 23 23:33:35.014: ISAKMP:      keylength of 256
Jul 23 23:33:35.014: ISAKMP:      auth XAUTHInitPreShared
Jul 23 23:33:35.014: ISAKMP:      hash SHA
Jul 23 23:33:35.014: ISAKMP:      default group 2
Jul 23 23:33:35.014: ISAKMP:(0):Proposed key length does not match policy
Jul 23 23:33:35.014: ISAKMP:(0):atts are not acceptable. Next payload is 3
Jul 23 23:33:35.014: ISAKMP:(0):Checking ISAKMP transform 2 against priority 2 p
olicy
Jul 23 23:33:35.014: ISAKMP:      life type in seconds
Jul 23 23:33:35.014: ISAKMP:      life duration (basic) of 3600
Jul 23 23:33:35.014: ISAKMP:      encryption AES-CBC
Jul 23 23:33:35.014: ISAKMP:      keylength of 128
Jul 23 23:33:35.014: ISAKMP:      auth XAUTHInitPreShared
Jul 23 23:33:35.014: ISAKMP:      hash SHA
Jul 23 23:33:35.014: ISAKMP:      default group 2
Jul 23 23:33:35.014: ISAKMP:(0):Xauth authentication by pre-shared key offered b
ut does not match policy!
Jul 23 23:33:35.014: ISAKMP:(0):atts are not acceptable. Next payload is 3
Jul 23 23:33:35.014: ISAKMP:(0):Checking ISAKMP transform 3 against priority 2 p
olicy
Jul 23 23:33:35.014: ISAKMP:      life type in seconds
Jul 23 23:33:35.014: ISAKMP:      life duration (basic) of 3600
Jul 23 23:33:35.014: ISAKMP:      encryption AES-CBC
Jul 23 23:33:35.014: ISAKMP:      keylength of 256
Jul 23 23:33:35.014: ISAKMP:      auth XAUTHInitPreShared
Jul 23 23:33:35.014: ISAKMP:      hash MD5
Jul 23 23:33:35.014: ISAKMP:      default group 2
Jul 23 23:33:35.014: ISAKMP:(0):Hash algorithm offered does not match policy!
Jul 23 23:33:35.014: ISAKMP:(0):atts are not acceptable. Next payload is 3
Jul 23 23:33:35.014: ISAKMP:(0):Checking ISAKMP transform 4 against priority 2 p
olicy
Jul 23 23:33:35.014: ISAKMP:      life type in seconds
Jul 23 23:33:35.014: ISAKMP:      life duration (basic) of 3600
Jul 23 23:33:35.014: ISAKMP:      encryption AES-CBC
Jul 23 23:33:35.014: ISAKMP:      keylength of 128
Jul 23 23:33:35.014: ISAKMP:      auth XAUTHInitPreShared
Jul 23 23:33:35.014: ISAKMP:      hash MD5
Jul 23 23:33:35.014: ISAKMP:      default group 2
Jul 23 23:33:35.014: ISAKMP:(0):Hash algorithm offered does not match policy!
Jul 23 23:33:35.014: ISAKMP:(0):atts are not acceptable. Next payload is 3
Jul 23 23:33:35.014: ISAKMP:(0):Checking ISAKMP transform 5 against priority 2 p
olicy
Jul 23 23:33:35.014: ISAKMP:      life type in seconds
Jul 23 23:33:35.014: ISAKMP:      life duration (basic) of 3600
Jul 23 23:33:35.014: ISAKMP:      encryption 3DES-CBC
Jul 23 23:33:35.018: ISAKMP:      auth XAUTHInitPreShared
Jul 23 23:33:35.018: ISAKMP:      hash SHA
Jul 23 23:33:35.018: ISAKMP:      default group 2
Jul 23 23:33:35.018: ISAKMP:(0):Encryption algorithm offered does not match poli
cy!
Jul 23 23:33:35.018: ISAKMP:(0):atts are not acceptable. Next payload is 3
Jul 23 23:33:35.018: ISAKMP:(0):Checking ISAKMP transform 6 against priority 2 p
olicy
Jul 23 23:33:35.018: ISAKMP:      life type in seconds
Jul 23 23:33:35.018: ISAKMP:      life duration (basic) of 3600
Jul 23 23:33:35.018: ISAKMP:      encryption 3DES-CBC
Jul 23 23:33:35.018: ISAKMP:      auth XAUTHInitPreShared
Jul 23 23:33:35.018: ISAKMP:      hash MD5
Jul 23 23:33:35.018: ISAKMP:      default group 2
Jul 23 23:33:35.018: ISAKMP:(0):Encryption algorithm offered does not match poli
cy!
Jul 23 23:33:35.018: ISAKMP:(0):atts are not acceptable. Next payload is 3
Jul 23 23:33:35.018: ISAKMP:(0):Checking ISAKMP transform 7 against priority 2 p
olicy
Jul 23 23:33:35.018: ISAKMP:      life type in seconds
Jul 23 23:33:35.018: ISAKMP:      life duration (basic) of 3600
Jul 23 23:33:35.018: ISAKMP:      encryption DES-CBC
Jul 23 23:33:35.018: ISAKMP:      auth XAUTHInitPreShared
Jul 23 23:33:35.018: ISAKMP:      hash SHA
Jul 23 23:33:35.018: ISAKMP:      default group 2
Jul 23 23:33:35.018: ISAKMP:(0):Encryption algorithm offered does not match poli
cy!
Jul 23 23:33:35.018: ISAKMP:(0):atts are not acceptable. Next payload is 3
Jul 23 23:33:35.018: ISAKMP:(0):Checking ISAKMP transform 8 against priority 2 p
olicy
Jul 23 23:33:35.018: ISAKMP:      life type in seconds
Jul 23 23:33:35.018: ISAKMP:      life duration (basic) of 3600
Jul 23 23:33:35.018: ISAKMP:      encryption DES-CBC
Jul 23 23:33:35.018: ISAKMP:      auth XAUTHInitPreShared
Jul 23 23:33:35.018: ISAKMP:      hash MD5
Jul 23 23:33:35.018: ISAKMP:      default group 2
Jul 23 23:33:35.018: ISAKMP:(0):Encryption algorithm offered does not match poli
cy!
Jul 23 23:33:35.018: ISAKMP:(0):atts are not acceptable. Next payload is 0
Jul 23 23:33:35.018: ISAKMP:(0):Checking ISAKMP transform 1 against priority 655
35 policy
Jul 23 23:33:35.018: ISAKMP:      life type in seconds
Jul 23 23:33:35.018: ISAKMP:      life duration (basic) of 3600
Jul 23 23:33:35.018: ISAKMP:      encryption AES-CBC
Jul 23 23:33:35.018: ISAKMP:      keylength of 256
Jul 23 23:33:35.018: ISAKMP:      auth XAUTHInitPreShared
Jul 23 23:33:35.018: ISAKMP:      hash SHA
Jul 23 23:33:35.018: ISAKMP:      default group 2
Jul 23 23:33:35.018: ISAKMP:(0):Encryption algorithm offered does not match poli
cy!
Jul 23 23:33:35.018: ISAKMP:(0):atts are not acceptable. Next payload is 3
Jul 23 23:33:35.018: ISAKMP:(0):Checking ISAKMP transform 2 against priority 655
35 policy
Jul 23 23:33:35.018: ISAKMP:      life type in seconds
Jul 23 23:33:35.018: ISAKMP:      life duration (basic) of 3600
Jul 23 23:33:35.022: ISAKMP:      encryption AES-CBC
Jul 23 23:33:35.022: ISAKMP:      keylength of 128
Jul 23 23:33:35.022: ISAKMP:      auth XAUTHInitPreShared
Jul 23 23:33:35.022: ISAKMP:      hash SHA
Jul 23 23:33:35.022: ISAKMP:      default group 2
Jul 23 23:33:35.022: ISAKMP:(0):Encryption algorithm offered does not match poli
cy!
Jul 23 23:33:35.022: ISAKMP:(0):atts are not acceptable. Next payload is 3
Jul 23 23:33:35.022: ISAKMP:(0):Checking ISAKMP transform 3 against priority 655
35 policy
Jul 23 23:33:35.022: ISAKMP:      life type in seconds
Jul 23 23:33:35.022: ISAKMP:      life duration (basic) of 3600
Jul 23 23:33:35.022: ISAKMP:      encryption AES-CBC
Jul 23 23:33:35.022: ISAKMP:      keylength of 256
Jul 23 23:33:35.022: ISAKMP:      auth XAUTHInitPreShared
Jul 23 23:33:35.022: ISAKMP:      hash MD5
Jul 23 23:33:35.022: ISAKMP:      default group 2
Jul 23 23:33:35.022: ISAKMP:(0):Encryption algorithm offered does not match poli
cy!
Jul 23 23:33:35.022: ISAKMP:(0):atts are not acceptable. Next payload is 3
Jul 23 23:33:35.022: ISAKMP:(0):Checking ISAKMP transform 4 against priority 655
35 policy
Jul 23 23:33:35.022: ISAKMP:      life type in seconds
Jul 23 23:33:35.022: ISAKMP:      life duration (basic) of 3600
Jul 23 23:33:35.022: ISAKMP:      encryption AES-CBC
Jul 23 23:33:35.022: ISAKMP:      keylength of 128
Jul 23 23:33:35.022: ISAKMP:      auth XAUTHInitPreShared
Jul 23 23:33:35.022: ISAKMP:      hash MD5
Jul 23 23:33:35.022: ISAKMP:      default group 2
Jul 23 23:33:35.022: ISAKMP:(0):Encryption algorithm offered does not match poli
cy!
Jul 23 23:33:35.022: ISAKMP:(0):atts are not acceptable. Next payload is 3
Jul 23 23:33:35.022: ISAKMP:(0):Checking ISAKMP transform 5 against priority 655
35 policy
Jul 23 23:33:35.022: ISAKMP:      life type in seconds
Jul 23 23:33:35.022: ISAKMP:      life duration (basic) of 3600
Jul 23 23:33:35.022: ISAKMP:      encryption 3DES-CBC
Jul 23 23:33:35.022: ISAKMP:      auth XAUTHInitPreShared
Jul 23 23:33:35.022: ISAKMP:      hash SHA
Jul 23 23:33:35.022: ISAKMP:      default group 2
Jul 23 23:33:35.022: ISAKMP:(0):Encryption algorithm offered does not match poli
cy!
Jul 23 23:33:35.022: ISAKMP:(0):atts are not acceptable. Next payload is 3
Jul 23 23:33:35.022: ISAKMP:(0):Checking ISAKMP transform 6 against priority 655
35 policy
Jul 23 23:33:35.022: ISAKMP:      life type in seconds
Jul 23 23:33:35.022: ISAKMP:      life duration (basic) of 3600
Jul 23 23:33:35.022: ISAKMP:      encryption 3DES-CBC
Jul 23 23:33:35.022: ISAKMP:      auth XAUTHInitPreShared
Jul 23 23:33:35.026: ISAKMP:      hash MD5
Jul 23 23:33:35.026: ISAKMP:      default group 2
Jul 23 23:33:35.026: ISAKMP:(0):Encryption algorithm offered does not match poli
cy!
Jul 23 23:33:35.026: ISAKMP:(0):atts are not acceptable. Next payload is 3
Jul 23 23:33:35.026: ISAKMP:(0):Checking ISAKMP transform 7 against priority 655
35 policy
Jul 23 23:33:35.026: ISAKMP:      life type in seconds
Jul 23 23:33:35.026: ISAKMP:      life duration (basic) of 3600
Jul 23 23:33:35.026: ISAKMP:      encryption DES-CBC
Jul 23 23:33:35.026: ISAKMP:      auth XAUTHInitPreShared
Jul 23 23:33:35.026: ISAKMP:      hash SHA
Jul 23 23:33:35.026: ISAKMP:      default group 2
Jul 23 23:33:35.026: ISAKMP:(0):Authentication method offered does not match pol
icy!
Jul 23 23:33:35.026: ISAKMP:(0):atts are not acceptable. Next payload is 3
Jul 23 23:33:35.026: ISAKMP:(0):Checking ISAKMP transform 8 against priority 655
35 policy
Jul 23 23:33:35.026: ISAKMP:      life type in seconds
Jul 23 23:33:35.026: ISAKMP:      life duration (basic) of 3600
Jul 23 23:33:35.026: ISAKMP:      encryption DES-CBC
Jul 23 23:33:35.026: ISAKMP:      auth XAUTHInitPreShared
Jul 23 23:33:35.026: ISAKMP:      hash MD5
Jul 23 23:33:35.026: ISAKMP:      default group 2
Jul 23 23:33:35.026: ISAKMP:(0):Hash algorithm offered does not match policy!
Jul 23 23:33:35.026: ISAKMP:(0):atts are not acceptable. Next payload is 0
Jul 23 23:33:35.026: ISAKMP:(0):no offers accepted!
Jul 23 23:33:35.026: ISAKMP:(0): phase 1 SA policy not acceptable! (local 72.88.
223.20 remote 192.168.69.2)
Jul 23 23:33:35.026: ISAKMP (0:0): incrementing error counter on sa, attempt 1 o
f 5: construct_fail_ag_init
Jul 23 23:33:35.026: ISAKMP:(0): sending packet to 192.168.69.2 my_port 500 peer
_port 500 (R) AG_NO_STATE
Jul 23 23:33:35.026: ISAKMP:(0):peer does not do paranoid keepalives.

Jul 23 23:33:35.026: ISAKMP:(0):deleting SA reason "Phase1 SA policy proposal no
t accepted" state (R) AG_NO_STATE (peer 192.168.69.2)
Jul 23 23:33:35.026: ISAKMP:(0): processing KE payload. message ID = 0
Jul 23 23:33:35.026: ISAKMP:(0): group size changed! Should be 0, is 128
Jul 23 23:33:35.026: ISAKMP (0:0): Unknown Input IKE_MESG_FROM_PEER, IKE_AM_EXCH
:  state = IKE_READY
Jul 23 23:33:35.026: ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_AM_EXCH
Jul 23 23:33:35.026: ISAKMP:(0):Old State = IKE_READY  New State = IKE_READY

Jul 23 23:33:35.030: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Aggressive mode
failed with peer at 192.168.69.2
Jul 23 23:33:35.030: ISAKMP:(0):deleting SA reason "Phase1 SA policy proposal no
t accepted" state (R) AG_NO_STATE (peer 192.168.69.2)
Jul 23 23:33:35.030: ISAKMP: Unlocking peer struct 0x82AE4A24 for isadb_mark_sa_
deleted(), count 0
Jul 23 23:33:35.030: ISAKMP: Deleting peer node by peer_reap for 192.168.69.2: 8
2AE4A24
Jul 23 23:33:35.030: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL
Jul 23 23:33:35.030: ISAKMP:(0):Old State = IKE_READY  New State = IKE_DEST_SA

Jul 23 23:33:35.030: IPSEC(key_engine): got a queue event with 1 KMI message(s)
Jul 23 23:33:35.509: ISAKMP:(1003):purging node 465633842
Jul 23 23:33:38.125: ISAKMP (0:0): received packet from 192.168.69.2 dport 500 s
port 500 Global (R) MM_NO_STATE
Jul 23 23:33:41.196: ISAKMP (0:0): received packet from 192.168.69.2 dport 500 s
port 500 Global (R) MM_NO_STATE
Jul 23 23:33:41.700: ISAKMP (0:1003): received packet from 38.108.205.83 dport 4
500 sport 51047 Global (R) QM_IDLE
Jul 23 23:33:41.700: ISAKMP: set new node 544623197 to QM_IDLE
Jul 23 23:33:41.700: ISAKMP:(1003): processing HASH payload. message ID = 544623
197
Jul 23 23:33:41.700: ISAKMP:(1003): processing NOTIFY DPD/R_U_THERE protocol 1
        spi 0, message ID = 544623197, sa = 82AE4D28
Jul 23 23:33:41.700: ISAKMP:(1003):deleting node 544623197 error FALSE reason "I
nformational (in) state 1"
Jul 23 23:33:41.700: ISAKMP:(1003):Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY
Jul 23 23:33:41.700: ISAKMP:(1003):Old State = IKE_P1_COMPLETE  New State = IKE_
P1_COMPLETE

Jul 23 23:33:41.704: ISAKMP:(1003):DPD/R_U_THERE received from peer 38.108.205.8
3, sequence 0xA608CF00
Jul 23 23:33:41.704: ISAKMP: set new node -802873979 to QM_IDLE
Jul 23 23:33:41.704: ISAKMP:(1003):Sending NOTIFY DPD/R_U_THERE_ACK protocol 1
        spi 2190123000, message ID = -802873979
Jul 23 23:33:41.704: ISAKMP:(1003): seq. no 0xA608CF00
Jul 23 23:33:41.704: ISAKMP:(1003): sending packet to 38.108.205.83 my_port 4500
peer_port 51047 (R) QM_IDLE
Jul 23 23:33:41.708: ISAKMP:(1003):purging node -802873979
Jul 23 23:33:41.708: ISAKMP:(1003):Input = IKE_MESG_FROM_PEER, IKE_MESG_KEEP_ALI
VE
Jul 23 23:33:41.708: ISAKMP:(1003):Old State = IKE_P1_COMPLETE  New State = IKE_
P1_COMPLETE

Jul 23 23:33:44.283: ISAKMP (0:0): received packet from 192.168.69.2 dport 500 s
port 500 Global (R) MM_NO_STATE
Jul 23 23:33:49.686: ISAKMP:(1003):purging node 1599830654
Jul 23 23:33:57.415: ISAKMP (0:1003): received packet from 38.108.205.83 dport 4
500 sport 51047 Global (R) QM_IDLE
Jul 23 23:33:57.415: ISAKMP: set new node -623140801 to QM_IDLE
Jul 23 23:33:57.419: ISAKMP:(1003): processing HASH payload. message ID = -62314
0801
Jul 23 23:33:57.419: ISAKMP:(1003): processing NOTIFY DPD/R_U_THERE protocol 1
        spi 0, message ID = -623140801, sa = 82AE4D28
Jul 23 23:33:57.419: ISAKMP:(1003):deleting node -623140801 error FALSE reason "
Informational (in) state 1"
Jul 23 23:33:57.419: ISAKMP:(1003):Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY
Jul 23 23:33:57.419: ISAKMP:(1003):Old State = IKE_P1_COMPLETE  New State = IKE_
P1_COMPLETE

Jul 23 23:33:57.419: ISAKMP:(1003):DPD/R_U_THERE received from peer 38.108.205.8
3, sequence 0xA608CF01
Jul 23 23:33:57.419: ISAKMP: set new node -528309915 to QM_IDLE
Jul 23 23:33:57.419: ISAKMP:(1003):Sending NOTIFY DPD/R_U_THERE_ACK protocol 1
        spi 2190123000, message ID = -528309915
Jul 23 23:33:57.419: ISAKMP:(1003): seq. no 0xA608CF01
Jul 23 23:33:57.423: ISAKMP:(1003): sending packet to 38.108.205.83 my_port 4500
peer_port 51047 (R) QM_IDLE
Jul 23 23:33:57.423: ISAKMP:(1003):purging node -528309915
Jul 23 23:33:57.423: ISAKMP:(1003):Input = IKE_MESG_FROM_PEER, IKE_MESG_KEEP_ALI
VE
Jul 23 23:33:57.423: ISAKMP:(1003):Old State = IKE_P1_COMPLETE  New State = IKE_
P1_COMPLETE

Jul 23 23:34:00.231: ISAKMP:(1003):purging node 1280069995
Jul 23 23:34:08.073: ISAKMP (0:1003): received packet from 38.108.205.83 dport 4
500 sport 51047 Global (R) QM_IDLE
Jul 23 23:34:08.073: ISAKMP: set new node -1868232002 to QM_IDLE
Jul 23 23:34:08.073: ISAKMP:(1003): processing HASH payload. message ID = -18682
32002
Jul 23 23:34:08.073: ISAKMP:(1003): processing NOTIFY DPD/R_U_THERE protocol 1
        spi 0, message ID = -1868232002, sa = 82AE4D28
Jul 23 23:34:08.073: ISAKMP:(1003):deleting node -1868232002 error FALSE reason
"Informational (in) state 1"
Jul 23 23:34:08.073: ISAKMP:(1003):Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY
Jul 23 23:34:08.073: ISAKMP:(1003):Old State = IKE_P1_COMPLETE  New State = IKE_
P1_COMPLETE

Jul 23 23:34:08.077: ISAKMP:(1003):DPD/R_U_THERE received from peer 38.108.205.8
3, sequence 0xA608CF02
Jul 23 23:34:08.077: ISAKMP: set new node -1329806421 to QM_IDLE
Jul 23 23:34:08.077: ISAKMP:(1003):Sending NOTIFY DPD/R_U_THERE_ACK protocol 1
        spi 2190123000, message ID = -1329806421
Jul 23 23:34:08.077: ISAKMP:(1003): seq. no 0xA608CF02
Jul 23 23:34:08.077: ISAKMP:(1003): sending packet to 38.108.205.83 my_port 4500
peer_port 51047 (R) QM_IDLE
Jul 23 23:34:08.077: ISAKMP:(1003):purging node -1329806421
MyRouter#
Jul 23 23:34:08.081: ISAKMP:(1003):Input = IKE_MESG_FROM_PEER, IKE_MESG_KEEP_ALI
VE
Jul 23 23:34:08.081: ISAKMP:(1003):Old State = IKE_P1_COMPLETE  New State = IKE_
P1_COMPLETE
un all
All possible debugging has been turned off
MyRouter#
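One way to condense the ISAKMP debug output in the post above into one row per offered transform, with the policy priority it was checked against and the router's stated rejection reason. This is an added example, not part of the original thread; the function names are made up here and the sample is a shortened, constructed excerpt in the same format. It rejoins the lines the terminal wrapped at 80 columns and tolerates a capture that starts mid-proposal, as the one above does.

```python
import re
from collections import Counter

TIMESTAMP = re.compile(r"^[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d\.\d+: ")
CHECKING = re.compile(r"Checking ISAKMP transform (\d+) against priority (\d+) policy")
ATTRIBUTE = re.compile(r"^ISAKMP:\s+(encryption|keylength of|auth|hash|default group)\s+(\S+)")
VERDICT = re.compile(r"atts are (not )?acceptable")

# Constructed excerpt in the format of the debug output above (shortened).
SAMPLE = """\
Jul 23 23:33:35.014: ISAKMP:      encryption AES-CBC
Jul 23 23:33:35.014: ISAKMP:      keylength of 256
Jul 23 23:33:35.014: ISAKMP:      auth XAUTHInitPreShared
Jul 23 23:33:35.014: ISAKMP:      hash SHA
Jul 23 23:33:35.014: ISAKMP:      default group 2
Jul 23 23:33:35.014: ISAKMP:(0):Proposed key length does not match policy
Jul 23 23:33:35.014: ISAKMP:(0):atts are not acceptable. Next payload is 3
Jul 23 23:33:35.014: ISAKMP:(0):Checking ISAKMP transform 2 against priority 2 p
olicy
Jul 23 23:33:35.014: ISAKMP:      encryption AES-CBC
Jul 23 23:33:35.014: ISAKMP:      keylength of 128
Jul 23 23:33:35.014: ISAKMP:      auth XAUTHInitPreShared
Jul 23 23:33:35.014: ISAKMP:      hash SHA
Jul 23 23:33:35.014: ISAKMP:(0):Xauth authentication by pre-shared key offered b
ut does not match policy!
Jul 23 23:33:35.014: ISAKMP:(0):atts are not acceptable. Next payload is 3
Jul 23 23:33:35.018: ISAKMP:(0):Checking ISAKMP transform 1 against priority 655
35 policy
Jul 23 23:33:35.018: ISAKMP:      encryption AES-CBC
Jul 23 23:33:35.018: ISAKMP:      keylength of 256
Jul 23 23:33:35.018: ISAKMP:(0):Encryption algorithm offered does not match poli
cy!
Jul 23 23:33:35.018: ISAKMP:(0):atts are not acceptable. Next payload is 3
Jul 23 23:33:35.026: ISAKMP:(0):no offers accepted!
MyRouter#
"""


def unwrap(text):
    """Return one string per debug message, timestamp removed, wraps rejoined."""
    messages, joinable = [], False
    for line in text.splitlines():
        if TIMESTAMP.match(line):
            messages.append(TIMESTAMP.sub("", line))
            joinable = True
        elif not line.strip() or line.rstrip().endswith("#"):
            joinable = False      # blank line or router prompt ends the message
        elif joinable:
            messages[-1] += line  # the wrap falls mid-word, so join without a space
    return messages


def parse(text):
    """Return one dict per proposal check: offered attributes, verdict, reason."""
    attempts, current = [], None
    for msg in unwrap(text):
        header = CHECKING.search(msg)
        attr = ATTRIBUTE.match(msg)
        verdict = VERDICT.search(msg)
        if header or (attr and current is None):
            # No header means the capture began mid-proposal: keep the
            # attributes but leave transform and priority unknown (None).
            current = {"transform": None, "priority": None, "offer": {},
                       "reason": None, "accepted": False}
            if header:
                current["transform"] = int(header.group(1))
                current["priority"] = int(header.group(2))
            attempts.append(current)
        if attr:
            current["offer"][attr.group(1).replace(" of", "")] = attr.group(2)
        elif current is not None and "does not match policy" in msg:
            current["reason"] = msg.split("):", 1)[-1].rstrip("!")
        elif current is not None and verdict:
            current["accepted"] = verdict.group(1) is None
            current = None
    return attempts


def rejection_summary(attempts):
    """Count rejection reasons per policy priority (None = header not captured)."""
    return Counter((a["priority"], a["reason"]) for a in attempts if not a["accepted"])


if __name__ == "__main__":
    for a in parse(SAMPLE):
        print(a["priority"], a["transform"], a["offer"], "->",
              "accepted" if a["accepted"] else a["reason"])
```

Priority 65535 in the output is the router's built-in default policy, which IOS checks after the configured `crypto isakmp policy` entries.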

      

Karsten

Any luck on the debug log?

Thomas R Grassi Jr

How did you configure the iPad for this connection?

Karsten

On the IPad

1. Choose Settings

2. Select VPN

3. Select Add VPN configuration

4. Select IPSEC

5. Enter information

     Description MY VPN SIte

     Server ip address

     account my user id

     password     ask every time          (Which it does)

     Use Certificate     OFF

     Group Name     myvpn

     Secret               xxxxxxxxxxxx

Proxy OFF

Does not look like much configuration on the iPad; looks straightforward.

Did the Debug log help any?

      

Also I tried using Cisco AnyConnect with no luck. I believe Anyconnect only works on ASA units

Thomas R Grassi Jr

karsten.iwen

Just checking in, did you get a chance to review my last reply above?

I sent you a personal email, did you get it?

I could set you up with a test account

Do you have an Ipad?

Thanks

Thomas R Grassi Jr

Any luck coming up with a solution?

Hanging here waiting

Sent from Cisco Technical Support iPad App

Thomas R Grassi Jr
