Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
732
Views
1
Helpful
1
Replies

Remote to site VPN configuration on Cisco 1941 router.

Maambo
Level 1
Level 1

‎11-23-2023 09:54 PM - last edited on ‎11-23-2023 10:38 PM by Community Manager

I am having problems connecting to my 1941 Cisco router using anyconnect client on my windows 10, while getting this error 

Connection attempt has failed due to server communication error please retry connection.

Configuration on router

 

Current configuration : 5803 bytes
!
version 15.4


aaa new-model
!
!
aaa authentication login webssl local
aaa authentication login USERS local
aaa authentication login abc1 local
aaa authorization network USER-LIST local
aaa authorization network abc2 local
!
!
!
!
!
aaa session-id common
!
!
!
!
!
!
!
!
!
!
!
ip dhcp excluded-address 192.168.0.1 192.168.0.20
!
ip dhcp pool LAN
import all
network 192.168.0.0 255.255.255.0
default-router 192.168.0.1
dns-server 8.8.8.8
lease 2
!
!
!
ip domain name mydom.com
ip name-server 5.22.22.2
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
cts logging verbose
!
crypto pki trustpoint mytrustpoint
enrollment selfsigned
subject-name cn=me
revocation-check crl
rsakeypair mytrustpoint
!
!
crypto pki certificate chain mytrustpoint
license udi pid CISCO1941/K9 sn FGL191020VV
license boot module c1900 technology-package securityk9
!
!
username my1 password xxx
!
redundancy
!
!
!
!
!
!
!
crypto vpn anyconnect flash0:/webvpn/anyconnect-win-4.2.02075-k9.pkg sequence 1
!
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 2
!
crypto isakmp client configuration group mycisco
key myVPN123
pool list
!
!
crypto ipsec transform-set set1 esp-3des esp-md5-hmac
mode tunnel
!
!
!
crypto dynamic-map map1 10
set transform-set set1
reverse-route
!
!
crypto map map1 client authentication list abc1
crypto map map1 client configuration address respond
crypto map map1 10 ipsec-isakmp dynamic map1
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
ip address 10.10.10.10 255.255.255.252
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
crypto map map1
!
interface GigabitEthernet0/1
ip address 192.168.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!

ip local pool SSLpool 192.168.0.6 192.168.0.106
ip local pool list 10.10.10.10 10.10.10.100
ip default-gateway 192.168.0.1
ip forward-protocol nd
!
no ip http server
ip http secure-server
!
ip nat inside source list 1 interface GigabitEthernet0/0 overload
ip default-network 192.168.0.1
ip route 0.0.0.0 0.0.0.0 10.10.10.1
!
ip access-list extended VPN-ACL
permit ip 192.168.0.0 0.0.0.255 any
ip access-list extended VPN_ACL
!
!
!
access-list 1 permit 192.168.0.0 0.0.0.255
!
!
!
control-plane
!
!
banner login ^CCC

Labels:
1 Reply 1

gajownik
Cisco Employee
Cisco Employee

‎11-27-2023 02:32 AM

This config is EasyVPN. Apart from the fact that it's no longer supported, it uses IKEv1. This config was used by EoL Cisco VPN Client.
https://www.cisco.com/c/en/us/obsolete/security/cisco-easy-vpn.html
https://en.wikipedia.org/wiki/Cisco_Systems_VPN_Client

AnyConnect does not support IKEv1 so that would explain why it can't connect:
https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect42/feature/guide/anyconnect42features.html

You would need to migrate to SSL or IPsec/IKEv2 VPN. You can find multiple guides for FlexVPN Remote Access here:
https://www.cisco.com/c/en/us/support/security/flexvpn/products-configuration-examples-list.html

0 Helpful
Customers Also Viewed These Support Documents