09-01-2017 08:13 PM - edited 03-12-2019 04:31 AM
I have been trying to get IPSec VPN access on our internet facing router without success for over a month now. Please can someone help.
Our internet router is CISCO881-SEC-K9 , Cisco IOS Software, C880 Software (C880DATA-UNIVERSALK9-M), Version 15.2(4)M3, RELEASE SOFTWARE (fc2)
I am using Cisco VPN Client Version 5 for the remote access dial up.
I have run the debugs
debug crypto isakmp
debug crypto isakmp error
debug crypto ipsec
debug crypto ipsec error
Attached are the debug results
I have the same configs working through our other internet link
09-02-2017 03:40 AM
Hi,
From the logs I can see that you are not matching the isakmp policies. It is processing each of the policies but failing due to mismatched for various reasons - e.g hash or encryption algorthim etc.
If it works on your other router with the same configuration, are you using the same IOS version on both routers? Same VPN client? Can you run a debug of a successful authentication on the other router and send over?
Can you send over a sanitised copy of the configuration?
I don't believe Cisco VPN Client Version 5 is even supported anymore.
09-04-2017 11:05 PM
Hi, Thanks for pointing me in the right direction. I can now understand the logs. Yes, you are correct that it is failing due to mismatched for various reasons - e.g hash or encryption algorthim etc.
My other internet router is a Cisco CISCO1941/K9 router with Cisco IOS Software, C1900 Software (C1900-UNIVERSALK9-M), Version 15.2(1)T1, RELEASE SOFTWARE (fc1)
(c1900-universalk9-mz.SPA.152-1.T1.bin)
I am using same VPN Client
Attached is debug of a successful authentication on the 1941 router
09-05-2017 07:33 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide