Hi Karsten

I have tried easy vpn via ccp which forces my to enter a group name althou the server does not use it. The VPN fails, is this as a result of having to enter the group name or something else?

Thanks for your help.

that's very likely. Which group-name did you use in the iPhone-client? If that worked just use the same.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

on the iPhone I was able to leave it blank but with ccp you have to enter something??

strange ... I wuld ask the VPN-provider what the groupname is and if EzVPN remote is really compatible.


Sent from Cisco Technical Support iPad App

Will do that,

Thanks very much for the help.

Hi, could you share your config? 

I have configed the same but I only get this message and it seems it doesnt even get to phase one:

CRYPTO-6-EZVPN_CONNECTION_DOWN: (Client) 

this is my config

Building configuration...

Current configuration : 2682 bytes
!
! Last configuration change at 16:32:09 UTC Wed Jun 15 2016
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname VPN_Test
!
boot-start-marker
boot system flash:/c880data-universalk9-mz.152-4.M7.bin
boot-end-marker
!
!
!
aaa new-model
!
!
aaa authentication login vpn-client-user local
aaa authorization network vpn-client-user local
!
!
!
!
!
aaa session-id common
memory-size iomem 10
!
!
!
!
!
ip dhcp excluded-address 192.168.3.1 192.168.3.99
ip dhcp excluded-address 192.168.3.200 192.168.3.255
!
ip dhcp pool INTERNAL
network 192.168.3.0 255.255.255.0
default-router 192.168.3.1
!
!
!
ip cef
no ipv6 cef
!
!
license udi pid CISCO881GW-GN-E-K9 sn FHK143476HA
license boot module c880-data level advsecurity
!
!
!
!
!
!
!
controller Cellular 0
!
ip tftp source-interface Vlan1
!
!
crypto isakmp policy 1
encr aes
group 2
!
!
crypto ipsec transform-set HW esp-aes
mode tunnel
!
crypto ipsec profile 1
!
crypto ipsec profile HW
!
!
!
crypto ipsec client ezvpn HW-Client
connect auto
group ASTRILL key way2stars
mode client
peer 104.223.141.123
username user@id.com password password
xauth userid mode local
!
!
!
!
!
interface FastEthernet0
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface FastEthernet4
ip address 192.168.1.2 255.255.255.0
duplex auto
speed auto
crypto ipsec client ezvpn HW-Client
!
interface wlan-ap0
description Service module interface to manage the embedded AP
ip address 192.168.3.1 255.255.255.0
service-module ip address 192.168.3.2 255.255.255.0
service-module ip default-gateway 192.168.3.1
arp timeout 0
crypto ipsec client ezvpn HW-Client inside
!
interface Wlan-GigabitEthernet0
description Internal switch interface connecting to the embedded AP
no ip address
service-module ip address 192.168.3.2 255.255.255.0
service-module ip default-gateway 192.168.3.1
!
interface Cellular0
no ip address
encapsulation ppp
!
interface Vlan1
no ip address
ip nat inside
ip virtual-reassembly in
!
ip forward-protocol nd
ip http server
ip http authentication local
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 FastEthernet4
ip route 0.0.0.0 0.0.0.0 192.168.1.1
!
!
tftp-server flash:anyconnect-win-4.1.04011-k9.pkg

Hi,

I just wondered if you ever got this working, I'm trying to use a Cisco 1921 with an IOS

c1900-universalk9-mz.SPA.154-3.M5.bin to set up a connection to a commercial VPN Provider,  either Nord, Private internet access or IP vanish. I'm struggling to find anything that could help and my knowledge of VPN's is a bit scarce to say the least. Basically I'm trying to use a Cisco Router on my home network to encrypt all of my traffic from my LAN. I can use the providers client software but I'd like to do the encryption at Router level. 

Any pointers would be much appreciated.

Steve

Hi Again,

I mail there support and got the following reply:-

2. Cisco IPSec (compatible with iPhone/iPad/Macintosh)
This VPN uses XAuth with PSK. For XAuth use your Astrill email and password. PSK (Preshared secret) is "way2stars". If IPSec group is required, leave this blank or put "Astrill". Exchange mode is (aggressive, main). IKE fragmentation is enabled. I'm sending bellow relevant configuration parameters for 1st and 2nd phase:
- First phase: Encryption: AES, Hash algorithm: SHA1; DH Group: 2; XAuth authentication;
- Second phase: pfs_group 2; encryption_algorithm aes; authentication_algorithm hmac_sha1; compression_algorithm deflate;

How would I edit my Easy VPN Remote to reflect those settings, i have tried a few thing thou CCP but with no success?