Remote Access VPN

concepcionz
Level 1

Hello guys, I'm currently studying for my CCNA R&S, and I've had my 2821 connected to the Internet for about a week. Now I want to create remote access to my Cisco 2821 while I'm not at home, because I have a NAS (Network Attached Storage) I want to access just for fun. I can't find much help because the majority of the tutorials on YouTube are for the Cisco ASA. I did the following config, but I get this log when I'm trying to access the VPN from my iPad.

Thanks for looking at my post. Any help will be highly appreciated.

(CONFIG BELOW)

 


Oct 27 06:00:35.611: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Aggressive mode failed with peer at 10.75.6.60 < (my iPad IP address) 
Oct 27 06:00:36.423: %SSH-4-SSH2_UNEXPECTED_MSG: Unexpected message type has arrived. Terminating the connection

 

conf t
aaa new-model
aaa authentication login REMOTE local
aaa authorization network REMOTE local
username VPN secret ACCESS

crypto isakmp policy 10
encryption aes 256
hash md5
authentication pre-share
group 2
lifetime 21600

crypto isakmp client configuration group REMOTE
key CISCO
pool VPN_POOL

crypto ipsec transform-set MYSET esp-aes 256 esp-md5-hmac
crypto dynamic-map DYNMAP 10
set transform-set MYSET

crypto map CLIENT_MAP client authentication list REMOTE
crypto map CLIENT_MAP isakmp  authorization list REMOTE
crypto map CLIENT_MAP client configuration address respond
crypto map CLIENT_MAP 10 ipsec-isakmp dynamic DYNMAP
ip local pool VPN_POOL 10.75.6.200 10.75.6.250 

int g0/0
crypto map CLIENT_MAP

ip dhcp excluded-address 10.75.6.0 10.75.6.50
ip dhcp pool CONCEPCION
 network 10.75.6.0 255.255.255.0
 default-router 10.75.6.1 
 dns-server 8.8.8.8 8.8.4.4 

ip ssh version 2 

interface GigabitEthernet0/0
 description CONNECTED TO THE (INTERNET)
 ip address dhcp
 ip flow ingress
 ip flow egress
 ip nat outside
 ip virtual-reassembly in max-reassemblies 1
 duplex auto
 speed auto
 crypto map CLIENT_MAP

ip nat pool GLOBAL 250.80.26.10 250.80.26.10 prefix-length 19 (NOT REAL IP)
ip nat inside source list Internet pool GLOBAL overload
         
ip access-list standard Internet
 permit 10.75.0.0 0.0.7.255
 permit 192.168.1.0 0.0.0.255
 deny   any


Boris Uskov
Level 4

Hello,

I believe Cisco VPN Client is not supported officially on Apple iOS devices:

http://www.cisco.com/en/US/docs/security/vpn_client/cisco_vpn_client/vpn_client5007/release/notes/vpnclient5007.html#wp63537

So, VPN from Apple iOS device may not work correctly.

I advise you first to try to configure remote access from a Windows PC.

After that, you can also try to configure SSL VPN on the Cisco router, so that you can use an actual VPN client: the Cisco AnyConnect Secure Mobility Client.

Here is configuration guide:

http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_sslvpn/configuration/15-mt/sec-conn-sslvpn-15-mt-book.html
