10-26-2015 11:58 PM - edited 02-21-2020 08:31 PM
Hello Guys, Im currently studying for my CCNA R&S and i got my 2821 connected to the Internet for about a week, now i want create a Remote Access to my cisco 2821 while im not at home, because i have a NAS (Network Attached Storage) i want to access just for fun. I cant find much help because the majority of the tutorials on Youtube are for Cisco ASA, I did the following config but i get this log when im trying to access the VPN from my iPad
Thanks for looking at my post any help will be highly appreciated
(CONFIG BELOW)
Oct 27 06:00:35.611: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Aggressive mode failed with peer at 10.75.6.60 < (my iPad IP address)
Oct 27 06:00:36.423: %SSH-4-SSH2_UNEXPECTED_MSG: Unexpected message type has arrived. Terminating the connection
conf t
aaa new-model
aaa authentication login REMOTE local
aaa authorization network REMOTE local
username VPN secret ACCESS
crypto isakmp policy 10
encryption aes 256
hash md5
authentication pre-share
group 2
lifetime 21600
crypto isakmp client configuration group REMOTE
key CISCO
pool VPN_POOL
crypto ipsec transform-set MYSET esp-aes 256 esp-md5-hmac
crypto dynamic-map DYNMAP 10
set transform-set MYSET
crypto map CLIENT_MAP client authentication list REMOTE
crypto map CLIENT_MAP isakmp authorization list REMOTE
crypto map CLIENT_MAP client configuration address respond
crypto map CLIENT_MAP 10 ipsec-isakmp dynamic DYNMAP
ip local pool VPN_POOL 10.75.6.200 10.75.6.250
int g0/0
crypto map CLIENT_MAP
ip dhcp excluded-address 10.75.6.0 10.75.6.50
ip dhcp pool CONCEPCION
network 10.75.6.0 255.255.255.0
default-router 10.75.6.1
dns-server 8.8.8.8 8.8.4.4
ip ssh version 2
interface GigabitEthernet0/0
description CONNECTED TO THE (INTERNET)
ip address dhcp
ip flow ingress
ip flow egress
ip nat outside
ip virtual-reassembly in max-reassemblies 1
duplex auto
speed auto
crypto map CLIENT_MAP
ip nat pool GLOBAL 250.80.26.10 250.80.26.10 prefix-length 19 (NOT REAL IP)
ip nat inside source list Internet pool GLOBAL overload
ip access-list standard Internet
permit 10.75.0.0 0.0.7.255
permit 192.168.1.0 0.0.0.255
deny any
10-27-2015 03:24 AM
Hello,
I believe Cisco VPN Client is not supported officially on Apple iOS devices:
So, VPN from Apple iOS device may not work correctly.
I advice you first to try to configure remote access from Windows PC.
After that you can also try to configure SSL VPN on cisco router, so that you can use an actual VPN Client - Cisco AnyConnect secure mobility client.
Here is configuration guide:
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: