cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
700
Views
0
Helpful
3
Replies
Highlighted
Beginner

IPSec VPN Remote Access not working - ISAKMP:(0): vendor ID seems Unity/DPD but major 215 mismatch

I have been trying to get IPSec VPN access on our internet facing router without success for over a month now. Please can someone help.

 

Our internet router is CISCO881-SEC-K9 , Cisco IOS Software, C880 Software (C880DATA-UNIVERSALK9-M), Version 15.2(4)M3, RELEASE SOFTWARE (fc2)

I am using Cisco VPN Client Version 5 for the remote access dial up.

 

I have run the debugs

debug crypto isakmp

debug crypto isakmp error

debug crypto ipsec      

 debug crypto ipsec error

 

 

Attached are the debug results

 

I have the same configs working through our other internet link

 

3 REPLIES 3
Highlighted
VIP Advisor

Re: IPSec VPN Remote Access not working - ISAKMP:(0): vendor ID seems Unity/DPD but major 215 mismatch

Hi,

 

From the logs I can see that you are not matching the isakmp policies. It is processing each of the policies but failing due to mismatched for various reasons - e.g hash or encryption algorthim etc.

 

If it works on your other router with the same configuration, are you using the same IOS version on both routers? Same VPN client? Can you run a debug of a successful authentication on the other router and send over?

 

Can you send over a sanitised copy of the configuration?

 

I don't believe Cisco VPN Client Version 5 is even supported anymore.

Highlighted
Beginner

Re: IPSec VPN Remote Access not working - ISAKMP:(0): vendor ID seems Unity/DPD but major 215 mismatch

Hi, Thanks for pointing me in the right direction. I can now understand the logs. Yes, you are correct that it is failing due to mismatched for various reasons - e.g hash or encryption algorthim etc.

 

My other internet router is a Cisco CISCO1941/K9 router with Cisco IOS Software, C1900 Software (C1900-UNIVERSALK9-M), Version 15.2(1)T1, RELEASE SOFTWARE (fc1)
(c1900-universalk9-mz.SPA.152-1.T1.bin)

 

I am using same VPN Client

 

Attached is debug of a successful authentication on the 1941 router

Highlighted
Enthusiast

Re: IPSec VPN Remote Access not working - ISAKMP:(0): vendor ID seems Unity/DPD but major 215 mismatch

Hello @danielmaisu,

I checked the logs and you need to check for the Phase 1 proposals:

Encryption: AES-CBC
Hash: SHA
DH: Group 2
Authentication: PSK

Based on the logs for the non-working one, this proposal is not present and this is the one that is using the working Router.

HTH

Gio