
Cisco IOS IPSEC Configuration


I am trying to create a dial-up VPN on an ISR4331 (as you might see from another post, I've tried PPTP with little success). I have tried L2TP/IPSEC and IPSEC, trying to connect from the native VPN client on an Android phone; however, the two ends seem incapable of finding a phase 1 policy which matches. All the attempts from the phone seem to include -CBC, but that doesn't seem to be an option in the config in IOS. Am I missing something here, or is it not possible to create a simple IPSEC dial-up VPN to an IOS router?

2 Replies

What router are you using and what version of IOS? CBC encryptions are supported in IOS with 3DES and AES, but for IKEv2 (not IKEv1).

Hi. I am running an ISR4331 on 15.5(3)S6.

I think I may have sorted that issue, at least in that I had not correctly configured the group ID on the Android device. I now get the tunnel up but get no traffic passing on it. How does the tunnel work in relation to the zone-based firewall? Does it class as an outside interface? I can ping from the LAN to the phone but not from the phone to the LAN, so I'm wondering if it's being firewalled (even though no denies are logged).