01-27-2019 09:23 AM - edited 02-21-2020 09:33 PM
I am trying to create a dial up VPN on an ISR4331 (as you might see from another post I've tried PPTP with little success). I have tried L2TP/IPSEC and IPSEC trying to connect from the native VPN client in an android phone however the two ends seem incapable of finding a phase 1 policy which matches. All the attempts from the phone seem to include -CBC but that doesn't seem to be an option in the config in IOS. Am I missing something here or is it not possible to create a simple IPSEC dial up VPN to an IOS router?
01-27-2019 09:49 AM
01-28-2019 01:35 PM
Hi. I am running an ISR4331 on 15.5(3)S6.
I think I may have sorted that issue at least in that I had not correctly configured the group ID on the android device. I now get the tunnel up but get no traffic passing on it. How does the tunnel work in relation to the zone based firewall? Does it class as an outside interface? I can ping from the LAN to the phone but not from the phone to the LAN so I'm wondering if its being firewalled (even though no denys are logged.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: