08-13-2021 05:09 PM
I am attempting to configure a Cisco 1100 router to accept VPN connections from GigabitEthernet0/0/0 and allow NAT connections to devices on VLAN1. Below is my configuration that fails to initiate the connection.
no aaa new-model
vpdn enable
vpdn-group VPN_Clients
 accept-dialin
  protocol any
  virtual-template 1
 no l2tp tunnel authentication
crypto isakmp policy 1
 encryption 3des
 authentication pre-share
 group 2
crypto isakmp key #Password1# address 0.0.0.0
!
crypto ipsec transform-set VPN_TS esp-3des esp-sha-hmac
 mode transport
!
crypto dynamic-map VPN_DYN_MAP 1
 set nat demux
 set transform-set VPN_TS
!
crypto map VPN_MAP 1 ipsec-isakmp dynamic VPN_DYN_MAP
!
interface GigabitEthernet0/0/0
 no ip address
 load-interval 30
 negotiation auto
!
interface GigabitEthernet0/0/0.7
 encapsulation dot1Q 7
 ip address 107.204.31.112 255.255.255.254
 ip nat outside
 crypto map VPN_MAP
!
interface Virtual-Template1
 ip unnumbered Vlan88
 ip nat inside
 peer default ip address pool VPN_POOL
 no keepalive
 ppp authentication ms-chap-v2
!
interface Vlan1
 ip address 172.168.20.253 255.255.0.0
 ip nat inside
 load-interval 30
 ipv6 address dhcp
 ipv6 address autoconfig
 ipv6 enable
 ipv6 dhcp client request vendor
!
interface Vlan88
 description VPN
 no ip address
 ip nat inside
!
ip local pool VPN_POOL 172.168.222.10 172.168.222.199
08-14-2021 01:05 AM
- What's in the logs?
M.
08-14-2021 03:38 AM - edited 08-14-2021 03:39 AM
The log shows this message:
%CRYPTO-4-IKMP_BAD_MESSAGE: IKE message from xx.xx.xx.xx failed its sanity check or is malformed.
I am using the default Windows 10 VPN client
Preshared key and local login credentials