I have been trying to get IPSec VPN access on our internet facing router without success for over a month now. Please can someone help.
Our internet router is CISCO881-SEC-K9 , Cisco IOS Software, C880 Software (C880DATA-UNIVERSALK9-M), Version 15.2(4)M3, RELEASE SOFTWARE (fc2)
I am using Cisco VPN Client Version 5 for the remote access dial up.
I have run the debugs
debug crypto isakmp
debug crypto isakmp error
debug crypto ipsec
debug crypto ipsec error
Attached are the debug results
I have the same configs working through our other internet link
From the logs I can see that you are not matching the isakmp policies. It is processing each of the policies but failing due to mismatched for various reasons - e.g hash or encryption algorthim etc.
If it works on your other router with the same configuration, are you using the same IOS version on both routers? Same VPN client? Can you run a debug of a successful authentication on the other router and send over?
Can you send over a sanitised copy of the configuration?
I don't believe Cisco VPN Client Version 5 is even supported anymore.
Hi, Thanks for pointing me in the right direction. I can now understand the logs. Yes, you are correct that it is failing due to mismatched for various reasons - e.g hash or encryption algorthim etc.
My other internet router is a Cisco CISCO1941/K9 router with Cisco IOS Software, C1900 Software (C1900-UNIVERSALK9-M), Version 15.2(1)T1, RELEASE SOFTWARE (fc1)
I am using same VPN Client
Attached is debug of a successful authentication on the 1941 router