Re: C867 Remote Access VPN (FlexVPN) with IKEv2 PSK

musystec · ‎06-05-2019

Dear community

I'm trying to realize a Site to Client (Remote Access) VPN Solution based on IKEv2 with Preshared Key Auth.

The router is a C867 model with IOS Version 15.1(4r)M3 installed.

However I can't find any best practices on the internet at all, not even working configuration examples.

Is there any expert on this forum, who's able to post a fully working configuration with implemented Remote Access VPN on a Cisco Router?

In the past we have used ISAKMP with IKEv1 which was working perfectly with the old EZVPN Cisco Client. Since this client is end of life we have to move over and start using IKEv2

Any help is really much appreciated.

Rob Ingram · ‎06-05-2019

Hi,

I don't think you can configure a FlexVPN Remote Access VPN using PSK, only certificates or EAP (username and password). Example here.

Which VPN client do you intend to use, AnyConnect?

musystec · ‎06-05-2019

Thank you for your message

Currently we are using the Software Shrewsoft VPN. However we would like to implement a IKEv2 solution with the Windows 10 native based VPN client. this should be possible or am I totally wrong?

As you've described we would like to use EAP for AAA

Here is our current ISAKMP configuration for IKEv1:

username test privilege 0 secret testest
!
crypto isakmp client configuration group VPN_TST
key test
dns <Router LAN IP>
pool ippool_tst
acl 192
!
ip local pool ippool_tst 10.199.2.1 10.199.2.254
!
ip access-list ext 192
permit ip <LAN> <Wildcard> 10.199.2.0 0.0.0.255 any

Rob Ingram · ‎06-06-2019

Hi,

Yes you can implement FlexVPN Remote Access using the Windows native client, here is the cisco example.

This link will also be useful.

HTH