Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
735
Views
0
Helpful
0
Replies

configuring ipsec vpn (SPOKE) using aggressive mode

lester.mendoza
Level 1
Level 1

‎02-02-2019 10:59 PM - edited ‎02-21-2020 09:33 PM

Hi there,

I've been tasked to replace the customer existing router ( Draytek ) to Cisco router C1117, I've having hard time to replicate the Draytek config to cisco config.

 

I've used the configuration below, but nothing I can see from the debugs, I'm not really sure if I'm using the correct config, would you mind to give correct docs on where to fits the information provided by ISP

 

below is the information provided by Service provider

Peer WAN IP: 203.213.1.1
Encryption: AES
Local SM: 255.255.255.0
Local Network IP: 10.2.2.0
PeerID: Lithgow123
Password: 123xxxx

###############################

below is my current config.

crypto isakmp policy 1
authentication pre-share
!

crypto ipsec transform-set JPLA_TS esp-aes esp-sha-hmac
access-list 101 permit ip 10.2.2.0 0.0.0.255 any
!

crypto isakmp peer address 203.213.x.x
set aggressive-mode client-endpoint user-fqdn ????
set aggressive-mode password 123xxxx
!
crypto map JPLA_CMAP 10 ipsec-isakmp
set peer 203.213.1.1
set transform-set JPLA_TS
match address 101
!
interface cell0/2/0
crypto map JPLA_CMAP
!
interface vlan 1
ip address 10.2.2.254 255.255.255.0

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents