Cisco Remote Access VPN IOS Router Problems

hd5935721
Level 1

I am attempting to set up a Cisco 3845 router for remote access VPN to the Cisco VPN client. See the attached network diagram, the router config and debug output. Some of the personal information has been changed for privacy reasons. Let me know if you need any additional information. Thanks for the help!!!

 

I based my config off of this guide:

http://www.cisco.com/c/en/us/support/docs/security/vpn-client/71461-router-vpnclient-pi-stick.html

4 Replies

pjain2
Cisco Employee

Looks like the UDP 500 is not making it back to the client.

Can you try using IPsec over TCP instead of UDP to check if UDP 500 is being blocked somewhere in the middle?

On the router, configure:

 crypto ctcp port 10000

On the IPsec VPN client, in the transparent tunneling settings, select IPsec over TCP port 10000.

NOTE: The IPsec VPN client is EOS and EOL.

Thanks for the post. I will try that and let you know if it works.

 

Does a Cisco 3845 router have any other VPN client available (such as AnyConnect) that is still supported by Cisco?

Hello,

Yeah, you can use the AnyConnect client to connect to your router through VPN.

 

http://www.cisco.com/c/en/us/support/docs/security/ssl-vpn-client/70663-webvpn.html

Regards

Sorry for the slow reply. I tried using TCP port 10000 but it is still failing to connect. Here is the debug output. I get prompted for my username and password, but it stops connecting a few seconds after that. I am seeing this error message in the debug info.

 

ISAKMP:(1009): IPSec policy invalidated proposal with error 256

 

Is it possible the problem is with my transform command? I wanted to use AES 256 if it is supported by the client for the best security.

 

crypto ipsec transform-set myset esp-aes 256 esp-sha256-hmac 
 set transform-set myset