Showing results for 
Search instead for 
Did you mean: 

Cisco 1100 router to fails to allow incoming VPN connection

Level 1
Level 1

I attempting to configure a Cisco 1100 router to accept VPN connection from GigabitEthernet0/0/0 and allow NAT connection to devices on VLAN1. Below is my configuration that fails to initiate the connection.


no aaa new-model

vpdn enable

vpdn-group VPN_Clients
protocol any
virtual-template 1
no l2tp tunnel authentication

crypto isakmp policy 1
encryption 3des
authentication pre-share
group 2
crypto isakmp key #Password1# address
crypto ipsec transform-set VPN_TS esp-3des esp-sha-hmac
mode transport
crypto dynamic-map VPN_DYN_MAP 1
set nat demux
set transform-set VPN_TS
crypto map VPN_MAP 1 ipsec-isakmp dynamic VPN_DYN_MAP
interface GigabitEthernet0/0/0
no ip address
load-interval 30
negotiation auto
interface GigabitEthernet0/0/0.7
encapsulation dot1Q 7
ip address
ip nat outside
crypto map VPN_MAP
interface Virtual-Template1
ip unnumbered Vlan88
ip nat inside
peer default ip address pool VPN_POOL
no keepalive
ppp authentication ms-chap-v2
interface Vlan1
ip address
ip nat inside
load-interval 30
ipv6 address dhcp
ipv6 address autoconfig
ipv6 enable
ipv6 dhcp client request vendor
interface Vlan88
description VPN
no ip address
ip nat inside
ip local pool VPN_POOL

2 Replies 2



          - What's in the logs ?


-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !

The log shows this message

%CRYPTO-4-IKMP_BAD_MESSAGE: IKE message from xx.xx.xx.xx failed its sanity check or is malformed.

I am using the default Windows 10 VPN client

Preshared key and local login credentials

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: