06-05-2019 06:47 AM - edited 02-21-2020 09:40 PM
Dear community
I'm trying to realize a Site to Client (Remote Access) VPN Solution based on IKEv2 with Preshared Key Auth.
The router is a C867 model with IOS Version 15.1(4r)M3 installed.
However I can't find any best practices on the internet at all, not even working configuration examples.
Is there any expert on this forum, who's able to post a fully working configuration with implemented Remote Access VPN on a Cisco Router?
In the past we have used ISAKMP with IKEv1 which was working perfectly with the old EZVPN Cisco Client. Since this client is end of life we have to move over and start using IKEv2
Any help is really much appreciated.
06-05-2019 07:00 AM
Hi,
I don't think you can configure a FlexVPN Remote Access VPN using PSK, only certificates or EAP (username and password). Example here.
Which VPN client do you intend to use, AnyConnect?
06-05-2019 11:57 PM - edited 06-06-2019 12:09 AM
Thank you for your message
Currently we are using the Software Shrewsoft VPN. However we would like to implement a IKEv2 solution with the Windows 10 native based VPN client. this should be possible or am I totally wrong?
As you've described we would like to use EAP for AAA
Here is our current ISAKMP configuration for IKEv1:
username test privilege 0 secret testest ! crypto isakmp client configuration group VPN_TST key test dns <Router LAN IP> pool ippool_tst acl 192 ! ip local pool ippool_tst 10.199.2.1 10.199.2.254 ! ip access-list ext 192 permit ip <LAN> <Wildcard> 10.199.2.0 0.0.0.255 any
06-06-2019 12:46 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide