UC520 VPN

jcetkoooo
Level 1

Hello,

We just got a UC520 for our small office. I am trying to set up a VPN (which is totally new for me). The VPN should be used from home on a PC with Cisco VPN client installed and should connect to the UC520 in the office and get an IP address in the data VLAN.

I found an example config in a white paper and tried it, but I keep getting the same error message when I try to connect:

UC520#

001708: Feb 10 03:42:06.484: ISAKMP:(0):Support for IKE Fragmentation not enabled

001709: Feb 10 03:42:06.484: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Aggressive mode failed with peer at 192.168.10.23

I have attached my config. Could someone please help?

Justin

7 Replies

Ivan Martinon
Level 7

Go ahead and enter this command on your router:

crypto isakmp fragmentation

Try your connection again.

Thanks for the quick response. I will give it a shot tomorrow morning. I'm home now and have no VPN access :) I'll let you know.

Justin

Ok I entered the command and it seemed to solve part of my problem. Now the message reads:

002094: Feb 10 20:57:41.867: ISAKMP:(0): MM Fragmentation supported

002095: Feb 10 20:57:41.871: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Aggressive mode failed with peer at 192.168.10.23

Anything else I can try?

I have also attached a debug crypto isakmp output.

Please let me know.

Are we sure we have the correct groupname and password on your VPN client profile? Go ahead and enable the VPN client log on the GUI and set all levels to 3, then try to connect and capture the logs.

Hello,

The VPN client log is attached. I verified the groupname and password. They seem ok.

Well, the log from the client shows the router does not respond, which leads me back to asking: the only static route seen on this router is one to a service engine, and I know this router is getting its IP address via DHCP. Can you get the show ip route from the router and see if you have a default gateway?

Hello,

Thanks for sticking with me on this.

It seems that I have a default gateway.

Would you mind checking the attachment (I'm not much of a router guy).

In the attachment you will also find the access list, which could be a suspect.

Thanks again,

Justin
