Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
884
Views
0
Helpful
2
Replies

Cisco IOS IPSEC Configuration

paulhughes5
Level 1
Level 1

‎01-27-2019 09:23 AM - edited ‎02-21-2020 09:33 PM

I am trying to create a dial up VPN on an ISR4331 (as you might see from another post I've tried PPTP with little success). I have tried L2TP/IPSEC and IPSEC trying to connect from the native VPN client in an android phone however the two ends seem incapable of finding a phase 1 policy which matches.  All the attempts from the phone seem to include -CBC but that doesn't seem to be an option in the config in IOS.  Am I missing something here or is it not possible to create a simple IPSEC dial up VPN to an IOS router?

Labels:
0 Helpful
2 Replies 2

Mohammed al Baqari
Level 11
Level 11

‎01-27-2019 09:49 AM

What router are you using and what version of IOS? CBC encryptions are supported in IOS with 3DES and AES but for IKEv2 (not IKEv1)
0 Helpful

paulhughes5
Level 1
Level 1
In response to Mohammed al Baqari

‎01-28-2019 01:35 PM

Hi.  I am running an ISR4331 on 15.5(3)S6.

I think I may have sorted that issue at least in that I had not correctly configured the group ID on the android device.  I now get the tunnel up but get no traffic passing on it.  How does the tunnel work in relation to the zone based firewall?  Does it class as an outside interface?  I can ping from the LAN to the phone but not from the phone to the LAN so I'm wondering if its being firewalled (even though no denys are logged.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents