Cisco 1100 router fails to allow incoming VPN connection

I am attempting to configure a Cisco 1100 router to accept VPN connections from GigabitEthernet0/0/0 and allow NAT connections to devices on VLAN1. Below is my configuration, which fails to initiate the connection.


no aaa new-model

vpdn enable

vpdn-group VPN_Clients
 protocol any
 virtual-template 1
 no l2tp tunnel authentication

crypto isakmp policy 1
 encryption 3des
 authentication pre-share
 group 2
crypto isakmp key #Password1# address
crypto ipsec transform-set VPN_TS esp-3des esp-sha-hmac
 mode transport
crypto dynamic-map VPN_DYN_MAP 1
 set nat demux
 set transform-set VPN_TS
crypto map VPN_MAP 1 ipsec-isakmp dynamic VPN_DYN_MAP
interface GigabitEthernet0/0/0
 no ip address
 load-interval 30
 negotiation auto
interface GigabitEthernet0/0/0.7
 encapsulation dot1Q 7
 ip address
 ip nat outside
 crypto map VPN_MAP
interface Virtual-Template1
 ip unnumbered Vlan88
 ip nat inside
 peer default ip address pool VPN_POOL
 no keepalive
 ppp authentication ms-chap-v2
interface Vlan1
 ip address
 ip nat inside
 load-interval 30
 ipv6 address dhcp
 ipv6 address autoconfig
 ipv6 enable
 ipv6 dhcp client request vendor
interface Vlan88
 description VPN
 no ip address
 ip nat inside
ip local pool VPN_POOL

2 Replies



- What's in the logs?


-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always respond to me with ' The only thing that exceeds your brilliance is your beauty! '

The log shows this message:

%CRYPTO-4-IKMP_BAD_MESSAGE: IKE message from xx.xx.xx.xx failed its sanity check or is malformed.

I am using the default Windows 10 VPN client

Preshared key and local login credentials