Cisco Support Community
Community Member

Linksys BEFVP41 & 2514 Here is how they work.

I have seen many posts on here asking how two get these to devices to work corectly - here you go:

- make sure you have the latest Firmware Upgrades for the BEFVP41

Here is what I have for the BEFVP41:

Tunnel Name: blabal

local Secure Group: Subnet - then i have the ip/subnet

remote secure group: ANY

remote secure gateway: ANY

Encryption: DES / - for performance reasons

Auth: MD5

Key Management: Auto IKE

PFS: is checked

pre-shared key: testtest

Key Lifetime: 3600

Now for the Cisco 2514 with Firewall IOS

crypto isakmp policy 1

hash md5

authentication pre-share

crypto isakmp key testtest address BEFVP41.IP.address



crypto ipsec transform-set BEFVP41-vpn esp-des esp-md5-hmac


crypto map blatest local-address Ethernet0

crypto map blatest 1 ipsec-isakmp

set peer BEFVP41.IP.address

set transform-set BEFVP41-vpn

set pfs group1

match address 115

interface Ethernet0

ip nat outside

crypto map blatest <--------------------------

interface Ethernet1

ip address

ip nat inside

ip nat pool somepool x.x.x.x x.x.x.x netmask

ip nat inside source route-map nonat pool somepool overload

ip classless

no ip http server


access-list 110 deny ip

access-list 110 permit ip any

access-list 115 permit ip

access-list 115 deny ip any

no cdp run

route-map nonat permit 10

match ip address 110


Here is the Topo I am going by:


outside IP: BEFVP41.IP.address

Inside IP: - the default

Cisco 2514

outside IP: x.x.x.x

inside IP:


This should work for you. I have it the same and after playing around with the configs for a while it worked. I would make sure you have the PFS on the Cisco IOS turned on - or make sure it is on with group 1.

You can do a : sh crypto map and it will show if PFS and what group is enabled.


Good Luck-

CreatePlease to create content